Has Judy Malware Infected Your Phone?

Category: Mobile, Security

On May 26, a presumably mortified Google booted 41 apps from the Google Play store. All of them were infected with malware; collectively, they have infected 36.5 million Android devices. It’s bad enough that one infected app slipped past Google’s stringent vetting, let alone 41. What’s even worse is that at least one of the bogus apps had been on Google Play for more than two years! Here's what you need to know...

What is The Judy Malware?

Google did not even discover the infected apps itself; security vendor Check Point Software did, and notified Google. Check Point described the incident as “possibly the largest malware campaign found on Google Play.”

“Judy,” as Check Point named this malware, primarily targets advertisers. Unknown to the user, Judy clicks on certain ads that it is programmed to recognize... over and over again, even when the app infected by Judy is closed. Every click earns money for the perpetrators of this scam because they own the sites on which the ads appear. This sort of “click fraud” costs advertisers $7-15 billion per year, according to mobile marketing firm Tune.

Judy avoids detection by Google Play’s “Bouncer” algorithm in a rather clever way. The app that is submitted to Google Play is a deliberately benign-looking bit of code called a “bridgehead app,” typically a game of some sort. Nothing in it does anything malicious, so it doesn’t trigger the Bouncer.


Once a user downloads the app, it connects to a command-and-control server to download the ad-fraud kit, which includes JavaScript code, a user agent that imitates a web browser, and target URLs. The user agent uses a URL to connect to a site, and then the JavaScript locates and clicks on banner ads in the Google ad network. Each click is money in a bad guy’s pocket.

In addition to fraudulent clicking, Judy displays lots of ads to the user, sometimes so many that the user is left with nothing but ads to click on! That’s a sign your device may be infected by Judy. Also, the name “Judy” appears in the titles of all apps infected with the Judy malware (e.g. Chef Judy, Fashion Judy, Animal Judy, etc.). Aside from the possible annoyance of the ads, Judy doesn't seem to pose any other threats to privacy or security.
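The behavior described above (ad clicks sent with a browser-like user agent, continuing while the app is closed) is the kind of pattern network telemetry can surface. The Python below is an added example, not code from Check Point or from this article; the log format, package names, user agent string and ad-click hosts are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Assumptions for this example: browsers to ignore and hosts treated as ad-click endpoints.
KNOWN_BROWSERS = {"com.android.chrome", "org.mozilla.firefox"}
AD_CLICK_HOSTS = {"googleads.g.doubleclick.net", "www.googleadservices.com"}
UA = "Mozilla/5.0 (Linux; Android 6.0) Chrome/58.0"  # constructed browser-like user agent

# Constructed telemetry, one request per line:
# timestamp|package|app title|foreground (1/0)|User-Agent|URL
SAMPLE_LOG = f"""\
2017-05-20T02:11:03|com.example.chefjudy|Chef Judy|0|{UA}|https://googleads.g.doubleclick.net/aclk?id=1
2017-05-20T02:11:41|com.example.chefjudy|Chef Judy|0|{UA}|https://googleads.g.doubleclick.net/aclk?id=2
2017-05-20T02:12:19|com.example.chefjudy|Chef Judy|0|{UA}|https://www.googleadservices.com/pagead/aclk?id=3
2017-05-20T03:00:00|com.example.puzzle|Puzzle Fun|0|{UA}|https://googleads.g.doubleclick.net/aclk?id=4
2017-05-20T09:30:00|com.example.weather|Weather Now|1|{UA}|https://googleads.g.doubleclick.net/aclk?id=5
2017-05-20T09:31:00|com.android.chrome|Chrome|1|{UA}|https://googleads.g.doubleclick.net/aclk?id=6
"""

def find_click_fraud_suspects(log_text, min_background_clicks=3):
    """Return {package: findings} for non-browser apps that repeatedly hit
    ad-click URLs with a browser-like user agent while not in the foreground."""
    counts = defaultdict(int)
    titles = {}
    for line in log_text.strip().splitlines():
        _ts, package, title, foreground, user_agent, url = line.split("|")
        if package in KNOWN_BROWSERS:
            continue  # a real browser clicking ads is expected
        parsed = urlparse(url)
        is_ad_click = parsed.hostname in AD_CLICK_HOSTS and parsed.path.endswith("/aclk")
        # WebView apps also send Mozilla/ user agents, so the user agent only
        # counts together with an ad click made while the app is in the background.
        if is_ad_click and foreground == "0" and user_agent.startswith("Mozilla/"):
            counts[package] += 1
            titles[package] = title
    return {
        package: {
            "background_ad_clicks": n,
            "title_has_judy": "judy" in titles[package].lower(),
        }
        for package, n in counts.items()
        if n >= min_background_clicks
    }

if __name__ == "__main__":
    for package, findings in find_click_fraud_suspects(SAMPLE_LOG).items():
        print(package, findings)
```

The threshold keeps a single stray background request from flagging an app; the title check only corroborates, since the article notes that similar malware does not carry the "Judy" name.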

But Wait... There's More!

But you aren’t necessarily safe just because you don’t see the word “Judy” among your apps. Other hacker groups are distributing similar malware that is not so easily identified. See the appendices at the end of Check Point’s blog post for all the known names of Judy or “Judy-ish” apps.

Google is surely blushing over this breach of its Play store - actually these forty-one-plus breaches of its Play store. But note that any app store is vulnerable to the shenanigans that Judy pulled. So perhaps next week, Apple will be similarly red-faced. (Kiniwini, the Korean company that owns the Judy apps, also has similar apps in the Apple Store, but Check Point didn't see any evidence of the click fraud going on there.)

The moral of this story is that you have to take charge of your own security. Be very careful about installing apps on your mobile device. I don't know of any mobile security tools that would have prevented or detected this type of malware. So my advice is to use only well-known apps from well-known companies. Anything that's not "mission critical" should be scrapped.

Your thoughts on this topic are welcome. Post your comment or question below...

This article was posted by on 1 Jun 2017

Most recent comments on "Has Judy Malware Infected Your Phone?"

Posted by:

Daniel
01 Jun 2017

Now that the word is out, I would expect the mobile security programs to start checking for this behavior. Am I too optimistic?


Posted by:

Stephe
01 Jun 2017

Probably, Daniel!


Posted by:

Jay R
01 Jun 2017

Could we get a list of the booted bad?


Posted by:

Jay R
01 Jun 2017

http://tech.firstpost.com/news-analysis/judy-malware-here-is-the-complete-list-of-infected-google-play-store-apps-379085.html

That is the link to it. Me, I didn't follow that link, I Googled Judy Malware after my first post.


Posted by:

Michael
01 Jun 2017

Thanks Bob, now I know why the wife's Android phone acts so strange. And her name is Judy, how ironic.


Posted by:

GuitarRebel
01 Jun 2017

Thanks for the link to the banned-apps list, Jay.
I'm scratching my head as to why it wasn't included in this newsletter. Bob is usually pretty thorough about links.


Posted by:

GennyB
01 Jun 2017

GuitarRebel, Bob included the link ("See the appendices at the end of Check Point’s blog post for all the known names of Judy or “Judy-ish” apps.") So, no need to scratch your head.


Posted by:

Chuck
01 Jun 2017

My phone had gotten to the point I really was unable to use it so I trashed a whole raft of recently loaded apps and old unused ones. If you delete a Judy app does the malware go away?


Posted by:

JP
01 Jun 2017

First thing that popped into my head when I started reading this... Goober Pyle doing his impression of Cary Grant saying, "Judy-Judy-Judy-Judy-Judy."

https://www.youtube.com/watch?v=blQrIySidOA


Posted by:

Bob K.
02 Jun 2017

Hi Bob,

It's about time someone discovered this. My TV has been infected for years, by Judge Judy.


Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Has Judy Malware Infected Your Phone? (Posted: 1 Jun 2017)
Source: https://askbobrankin.com/has_judy_malware_infected_your_phone.html