
Judy Malware Hidden In Google Play Store For More Than A Year


Check Point has recently reported that the Google Play Store has been hosting apps carrying the new Judy malware since April 2016. The report came with evidence covering 41 apps, all developed by the same Korean company, that shipped with the malware. Some other apps also contained it, but for those we have yet to receive an explanation.

All of the apps had already been reported to Google, which in turn removed them from the store. However, the team found that at least one of the apps received an update in April 2016. This means the malware has been in the Play Store since then, which is more than a year now.

Why Is It Called That?

The malware takes its name from the game series in which it was found. Its execution is quite simple: the app a user downloads from the Play Store only needs to phone home to a control server. As such, the malicious action doesn't take place in the app code found on the store, and for this reason the apps get past the Bouncer.

How Does It Work?

As soon as the app phones home, the control server sends a JavaScript payload that initiates the malicious process. It takes control of the phone in the background and directs it to the URLs supplied by the control server. After that, it looks up Google ads and repeatedly clicks on them, generating ad revenue for the hacker.

However, it’s hard to identify the infected apps, since they have English names and may look like credible apps, with millions of downloads and good reviews.
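
Since the apps themselves look credible, the behaviour described under "How Does It Work?" is easier to spot on the network. The following is an added example, not code from Check Point or from the original article: a heuristic that flags an app which fetches JavaScript from a remote host and then issues a burst of ad-click requests. The log format (with per-app attribution, as a per-app proxy might provide), package names, hosts, thresholds and the ad-click endpoint list are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed ad-click endpoint list; adapt to the ad networks seen in your traffic.
AD_CLICK_ENDPOINTS = {("www.googleadservices.com", "/pagead/aclk")}
WINDOW = timedelta(minutes=10)   # how long after a script fetch clicks are attributed to it
MIN_CLICKS = 5                   # clicks within WINDOW needed to flag an app

# Constructed log: timestamp, app package, host, path, response content type.
SAMPLE_LOG = "\n".join(
    ["2017-01-01T10:00:00 com.example.cooking c2.example.net /payload.js application/javascript"]
    + [f"2017-01-01T10:00:{s:02d} com.example.cooking www.googleadservices.com /pagead/aclk?id={s} text/html"
       for s in range(5, 35, 5)]
    + ["2017-01-01T10:01:00 com.example.news cdn.example.org /app.js application/javascript",
       "2017-01-01T10:01:30 com.example.news www.googleadservices.com /pagead/aclk?id=a text/html",
       "2017-01-01T10:02:00 com.example.weather www.googleadservices.com /pagead/aclk?id=b text/html"]
)

def parse(log):
    """Yield (time, app, host, path, content_type), skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, app, host, path, ctype = parts
        try:
            yield datetime.fromisoformat(ts), app, host, path.split("?")[0], ctype
        except ValueError:
            continue

def flag_click_fraud(log):
    """Return {(app, script_host): click_count} for apps over the threshold."""
    last_script = {}            # app -> (time, host) of its latest remote script fetch
    clicks = defaultdict(int)
    for ts, app, host, path, ctype in sorted(parse(log)):
        if (host, path) in AD_CLICK_ENDPOINTS:
            fetched = last_script.get(app)
            if fetched and ts - fetched[0] <= WINDOW:
                clicks[(app, fetched[1])] += 1
        elif "javascript" in ctype:
            last_script[app] = (ts, host)
    return {key: n for key, n in clicks.items() if n >= MIN_CLICKS}

if __name__ == "__main__":
    for (app, host), n in flag_click_fraud(SAMPLE_LOG).items():
        print(f"{app}: {n} ad clicks after script fetch from {host}")
```

In the constructed log only the first app is flagged; the app with a single ad click after a script fetch and the app with an ad click but no script fetch stay below the threshold.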