New ‘Judy’ malware on Android may have infected 36 million devices

May 29th, 2017 at 3:39 PM

There’s a new piece of Android malware on the loose and it’s a doozy. Originally discovered by researchers at Check Point last week, the malware has been dubbed “Judy” and is potentially one of the most widely spread pieces of Android malware we’ve seen to date. It’s currently believed that upwards of 36.5 million Android devices may have already been infected.

According to Check Point, the malware — which is seemingly designed to underhandedly generate ad revenue — was found lurking on 41 separate apps on the Google Play Store and was apparently able to skirt around Google’s Bouncer system. Notably, some of the offending apps have been available for download for years, though at this point it remains unclear if the malware was always present or perhaps inserted later on via a software update.

“The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it,” the security report reads.

As for how the malware operates, Check Point explains:

Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.

Upon clicking the ads, the malware author receives payment from the website developer, which pays for the illegitimate clicks and traffic.
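One network-side way to look for the behavior Check Point describes, where a phone fetches pages while presenting a PC browser's user agent, is to compare proxy logs against a device inventory. The sketch below is an added example, not code from Check Point or the original article; the log format, device ids, hostnames and the `flag_devices` helper are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed device inventory (e.g. an MDM export): device id -> platform.
INVENTORY = {"dev-01": "android", "dev-02": "android", "dev-03": "windows"}

DESKTOP = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
MOBILE = "Mozilla/5.0 (Linux; Android 7.0; Pixel) AppleWebKit/537.36"
DESKTOP_SITE = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36"

# Constructed proxy log: timestamp, device id, quoted User-Agent, URL.
SAMPLE_LOG = "\n".join([
    f'2017-05-29T10:00:01 dev-01 "{DESKTOP}" http://landing.example/a',
    f'2017-05-29T10:00:03 dev-01 "{DESKTOP}" http://ads.example/click?id=1',
    f'2017-05-29T10:00:09 dev-01 "{DESKTOP}" http://ads.example/click?id=2',
    f'2017-05-29T10:01:00 dev-02 "{MOBILE}" http://news.example/',
    f'2017-05-29T10:01:30 dev-02 "{DESKTOP_SITE}" http://news.example/full',
    f'2017-05-29T10:02:00 dev-02 "{MOBILE}" http://news.example/sport',
    f'2017-05-29T10:03:00 dev-03 "{DESKTOP}" http://ads.example/click?id=3',
    "malformed line without the expected fields",
])

LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')
DESKTOP_TOKENS = ("Windows NT", "Macintosh", "X11; Linux")

def is_desktop_ua(ua):
    """True if the User-Agent claims a desktop OS and does not mention Android."""
    return "Android" not in ua and any(tok in ua for tok in DESKTOP_TOKENS)

def flag_devices(log_text, inventory, min_requests=3):
    """Map each known-Android device that sent at least min_requests
    desktop-UA requests to the sorted set of hosts it contacted that way."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        _, device, ua, url = m.groups()
        if inventory.get(device) == "android" and is_desktop_ua(ua):
            hits[device].append(urlsplit(url).hostname)
    # The threshold filters out one-off mismatches, such as a user switching
    # on the browser's "request desktop site" option (dev-02 above).
    return {d: sorted(set(h)) for d, h in hits.items() if len(h) >= min_requests}

if __name__ == "__main__":
    print(flag_devices(SAMPLE_LOG, INVENTORY))
```

A user-agent mismatch alone is only a lead, so flagged devices still need their installed apps reviewed.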

Notably, Google is aware of the malware campaign and has removed the offending apps from its online store.

As for the perpetrators behind the malware campaign, all we know at this point is that the malicious apps originate from a Korean company that develops apps for both iOS and Android.

A lifelong Mac user and Apple enthusiast, Yoni Heisler has been writing about Apple and the tech industry at large for over 6 years. His writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and most recently, TUAW. When not writing about and analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions, the most recent examples being The Walking Dead and Broad City.



