Has Judy Malware Infected Your Phone?
On May 26, a presumably mortified Google booted 41 apps from the Google Play store. All of them were infected with malware; collectively, they have infected 36.5 million Android devices. It’s bad enough that one infected app slipped past Google’s stringent vetting, let alone 41. What’s even worse is that at least one of the bogus apps had been on Google Play for more than two years! Here's what you need to know...
What is The Judy Malware?
Google did not even discover the infected apps itself; security vendor Check Point Software did, and notified Google. Check Point described the incident as “possibly the largest malware campaign found on Google Play.”
“Judy,” as Check Point named this malware, primarily targets advertisers. Unknown to the user, Judy clicks on certain ads that it is programmed to recognize... over and over again, even when the app infected by Judy is closed. Every click earns money for the perpetrators of this scam because they own the sites on which the ads appear. This sort of “click fraud” costs advertisers $7-15 billion per year, according to mobile marketing firm Tune.
Judy avoids detection by Google Play’s “Bouncer” algorithm in a rather clever way. The app that is submitted to Google Play is a deliberately benign-looking bit of code called a “bridgehead app,” typically a game of some sort. Nothing in it does anything malicious, so it doesn’t trigger the Bouncer.
Once a user downloads the app, it connects to a command-and-control server to download the ad-fraud kit, which includes JavaScript code, a user agent that imitates a web browser, and target URLs. The user agent uses a URL to connect to a site, and then the JavaScript locates and clicks on banner ads in the Google ad network. Each click is money in a bad guy’s pocket.
In addition to fraudulent clicking, Judy displays lots of ads to the user, sometimes so many that the user is left with nothing but ads to click on! That’s a sign your device may be infected by Judy. Also, the name “Judy” appears in the titles of all apps infected with the Judy malware (e.g. Chef Judy, Fashion Judy, Animal Judy, etc.). Aside from the possible annoyance of the ads, Judy doesn't seem to pose any other threats to privacy or security.
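The behavior described above, ad clicks that keep coming while the infected app is closed, is something a defender can look for in per-app network telemetry. The following is an added example, not code from Check Point or from this article; the log format, package names and threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data). One outbound request per line:
# "epoch_seconds package app_state request_kind"
SAMPLE_LOG = """\
1000 com.example.chefgame foreground config_fetch
1005 com.example.chefgame foreground ad_click
1060 com.example.chefgame closed ad_click
1120 com.example.chefgame closed ad_click
1180 com.example.chefgame closed ad_click
1240 com.example.chefgame closed ad_click
1010 com.example.news foreground ad_click
1400 com.example.news foreground ad_click
1500 com.example.news closed sync
"""

def parse(log):
    """Yield (timestamp, package, app_state, request_kind) per non-empty line."""
    for number, line in enumerate(log.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {number}: expected 4 fields, got {len(parts)}")
        ts, package, state, kind = parts
        yield int(ts), package, state, kind

def hidden_click_report(log, min_hidden_clicks=3):
    """Flag packages that register ad clicks while not in the foreground.

    A user cannot tap an ad in an app that is closed, so repeated clicks in
    that state point to automated clicking. The threshold is an assumption.
    """
    hidden = defaultdict(list)   # package -> timestamps of non-foreground clicks
    total = defaultdict(int)     # package -> all ad clicks
    for ts, package, state, kind in parse(log):
        if kind != "ad_click":
            continue
        total[package] += 1
        if state != "foreground":
            hidden[package].append(ts)
    report = {}
    for package, stamps in hidden.items():
        if len(stamps) >= min_hidden_clicks:
            report[package] = {
                "hidden_clicks": len(stamps),
                "total_clicks": total[package],
                "first_seen": min(stamps),
                "last_seen": max(stamps),
            }
    return report

if __name__ == "__main__":
    for package, facts in hidden_click_report(SAMPLE_LOG).items():
        print(package, facts)
```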
But Wait... There's More!
But you aren’t necessarily safe just because you don’t see the word “Judy” among your apps. Other hacker groups are distributing similar malware that is not so easily identified. See the appendices at the end of Check Point’s blog post for all the known names of Judy or “Judy-ish” apps.
Google is surely blushing over this breach of its Play store - actually these forty-one-plus breaches of its Play store. But note that any app store is vulnerable to the shenanigans that Judy pulled. So perhaps next week, Apple will be similarly red-faced. (Kiniwini, the Korean company that owns the Judy apps, also has similar apps in the Apple Store, but Check Point didn't see any evidence of the click fraud going on there.)
The moral of this story is that you have to take charge of your own security. Be very careful about installing apps on your mobile device. I don't know of any mobile security tools that would have prevented or detected this type of malware. So my advice is to use only well-known apps from well-known companies. Anything that's not "mission critical" should be scrapped.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 1 Jun 2017
Article information: AskBobRankin -- Has Judy Malware Infected Your Phone? (Posted: 1 Jun 2017)
Source: https://askbobrankin.com/has_judy_malware_infected_your_phone.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Has Judy Malware Infected Your Phone?"
Posted by:
Daniel
01 Jun 2017
Now that the word is out, I would expect the mobile security programs to start checking for this behavior. Am I too optimistic?
Posted by:
Stephe
01 Jun 2017
Probably, Daniel!
Posted by:
Jay R
01 Jun 2017
Could we get a list of the booted bad?
Posted by:
Jay R
01 Jun 2017
http://tech.firstpost.com/news-analysis/judy-malware-here-is-the-complete-list-of-infected-google-play-store-apps-379085.html
That is the link to it. Me, I didn't follow that link, I Googled Judy Malware after my first post.
Posted by:
Michael
01 Jun 2017
Thanks Bob, now I know why the wife's Android phone acts so strange. And her name is Judy, how ironic.
Posted by:
GuitarRebel
01 Jun 2017
Thanks for the link to the banned-apps list, Jay.
I'm scratching my head as to why it wasn't included in this newsletter. Bob is usually pretty thorough about links.
Posted by:
GennyB
01 Jun 2017
GuitarRebel, Bob included the link ("See the appendices at the end of Check Point’s blog post for all the known names of Judy or “Judy-ish” apps.") So, no need to scratch your head.
Posted by:
Chuck
01 Jun 2017
My phone had gotten to the point I really was unable to use it so I trashed a whole raft of recently loaded apps and old unused ones. If you delete a Judy app does the malware go away?
Posted by:
JP
01 Jun 2017
First thing that popped into my head when I started reading this... Goober Pyle doing his impression of Cary Grant saying, "Judy-Judy-Judy-Judy-Judy."
https://www.youtube.com/watch?v=blQrIySidOA
Posted by:
Bob K.
02 Jun 2017
Hi Bob,
It's about time someone discovered this. My TV has been infected for years, by Judge Judy.