Judy Malware Has Hidden In Play Store For Over A Year


Google's Play Store appears to have hosted apps containing the newly discovered Judy malware since April of 2016, according to a report from Check Point. The firm found a total of 41 apps from the same Korean company that contained the malware, as well as a few apps created by other entities that inexplicably had the malware in them. All of those apps have since been reported to Google and removed from Google Play, but at least one of the apps had last been updated in April of 2016, meaning that the malware has been lurking on the Play Store for over a year.

The malware is named Judy after the series of games it is hidden in, and it is rather simple in its execution. It begins when an app that a user downloads from the Play Store phones home to a control server. The malicious behavior is not part of the app code that is in the Play Store, which helps the apps get past the Bouncer protections. Once the app phones home, the control server sends a JavaScript payload that starts the actual malicious process. The payload controls the phone beneath the surface, directing it to URLs in the control server, where it seeks out ads from Google, then gives them repeated anonymous clicks to generate ad revenue for the attacker.

The Korean company that put the Judy games on Google Play is known as Kiniwini, and is registered under the name ENISTUDIO corp. on Google Play's developer listings. A cursory glance at the company's website makes it seem like just another freemium mobile developer, with games on both iOS and Android. The otherwise unassuming Judy series checks all the normal boxes for a mass-produced freemium game series (fashion, animals, food, and the like), but contains malware that generates fraudulent revenue by using an infected device without the user's knowledge. The other apps that have the malware come from scattered developers, and most of the apps don't even have English names, meaning that one would be hard-pressed to find them on most countries' Play Stores. Along with the Judy series, the list of apps with English names includes Dog Music (Relax), Spring-It's stylish, it's sexy, and Crafting Guide for Minecraft. These apps don't look malicious on the surface, and may even have millions of downloads and good reviews.



Copyright ©2017 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world.
