Judy Malware Takes Android Devices By Storm
A malicious software called Judy malware, was inserted into over 40 different apps found within the Google Play store. These infected applications were downloaded over 36 million times since March 2017. It is expected this malware has been running wild since March, infecting an unknown number of devices.
However, the Google Play store has a control in place to mitigate the risk of malware being distributed through Google Play. This control is called “Google Bouncer”. If this control was in place, how did the malware go undetected? According to the BCC, the apps don’t actually include the malware. Once a user downloads the impacted app, it silently registers the device to a remote server. This server then sends the malicious software to open a hidden website and generate revenue for the site by clicking on the advertisements.
A full list of the infected apps has not been released; however, the all of the impacted apps were placed in the Google Play store by a South Korean developer under the name Enistudio. The impacted apps have since been removed from the Google Play store.
Keeping mobile devices protected has become a higher priority than ever before. Unfortunately, the Google Bouncer failed at properly vetting these malicious apps. Having a secondary option, instead of relying on app store security, should now be a priority. However, finding a security solution mobile devices can be difficult, depending on the type of device.
In this particular instance, Android devices were targeted. PC Matic does provide security protection for Android devices. This protection is available at the Google Play store. Alternative solutions are available as well for different devices. It is advised, smart phone users determine which device they have and find a security solution that is best suited to protect that device.
Also, users must be aware of what they are downloading. As we saw with “Judy”, not all apps are safe, even if they are found within an app store. Often times users search for something vague, such as “free games”. Many may be legitimate, but some may be malicious. Instead of downloading every app that is found to be slightly interesting, users should research them online to confirm their legitimacy. Even malicious apps have falsified reviews, so going by those are not always the safest bet either.