There’s a new piece of Android malware on the loose and it’s a doozy. Originally discovered by researchers at Check Point last week, the malware has been dubbed “Judy” and is potentially one of the most widely spread pieces of Android malware we’ve seen to date. It’s currently believed that upwards of 36.5 million Android devices may have already been infected.

As the firm explains, the malware "is an auto-clicking adware which was found on 41 apps developed by a Korean company." Check Point says 'Judy' generates fraudulent clicks on ads, which results in revenue for the perpetrators, who created a "benign bridgehead app" meant to establish a connection to the user's phone and inserted it into the app store. That means once a particular user downloads an app, the app "silently registers receivers which establish a connection with the C&C server," which in turn replies with the "malicious payload."

Notably, Google is aware of the malware campaign and has removed the offending apps, which comprised several cooking and fashion games using the 'Judy' brand, from its online store. The Korean publisher thought to be responsible for the infected apps is reportedly known as "ENISTUDIO," though other publishers have also been said to have released apps with the malware included.

Precisely how the infected apps made it through the Google Play Store screening process remains unclear, but Check Point does offer the following explanation: "Hackers can hide their apps' real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware."

Check CSU for more info.