Judy, Judy, Judy; Malware affects as many as 36.5 million Android devices

Judy, Judy, Judy; Malware affects as many as 36.5 million Android devices
Last week, researchers at Check Point discovered malware called "Judy" that could have infected as many as 36.5 million Android devices. The auto-clicking adware generates large numbers of fraudulent clicks on ads, resulting in large sums being paid to the hackers behind the operation. The malware was found on 41 apps offered by a Korean firm, and quickly spread between 4.5 million and 18.5 million downloads.

The interesting thing is that many of these apps had been listed in the Google Play Store for years, but all of them had recently been updated. Check Point also discovered a few apps written by other developers that contained the same malware. It isn't known what the connection is between the different developers, and if the malware was knowingly or accidentally spread.

The apps containing the malware are developed by a company from Korea named Kiniwini, using the name of ENISTUDIO corp. on the Google Play Store. For its part, Google has already removed the malicious apps from the Play Store. The apps listed by Kiniwini all included the name Judy in the title, which explains how the malware received its name. It should be pointed out that Kiniwini also develops apps for the Apple App Store.
 

If you have any of these apps on your phone or tablet, make sure that you delete them immediately.


source: CheckPoint via BGR

FEATURED VIDEO

29 Comments

1. mattkl

Posts: 255; Member since: Feb 01, 2010

mal·ware ˈmalwer/Submit nounCOMPUTING software that is intended to damage or disable computers and computer systems. Not looking to argue, but I don't see what this does to our phones that will harm us? Obviously needs to be found and eradicated but I wouldn't call this malware. Well, I can't call this malware since it isn't. Just unwanted functionality. Maybe it should be called unethicalware? Anyways, here's to accuracy.

2. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

This is an adware ( http://bfy.tw/C4IB ), which is a form of malware...

3. mattkl

Posts: 255; Member since: Feb 01, 2010

ad·ware ˈadwer/Submit nounCOMPUTINGtrademark software that automatically displays or downloads advertising material (often unwanted) when a user is online. Not adware either. Maybe Google it yourself and read what comes up.

4. kiko007

Posts: 7493; Member since: Feb 17, 2016

How about you actually read his link instead of being an asshat?

5. mattkl

Posts: 255; Member since: Feb 01, 2010

Hahaha oh you mean the one in which I pasted the contents of? That's two people that can't read or comprehend now. Next?

6. iCloud

Posts: 125; Member since: May 15, 2014

I agree +1

7. mattkl

Posts: 255; Member since: Feb 01, 2010

You missed out, you could have been the third. +1

37. Nick040489

Posts: 29; Member since: Apr 01, 2010

Search "is adware a form of malware" It will show you that you're wrong.

38. krystian

Posts: 423; Member since: Mar 16, 2016

Your argument makes no sense since adware can be a type of malware but can also be legitimate. Adware itself is a legitimate form of compensation to a developer. It took over the shareware craze at one point. Adware becomes malware when it becomes malicious and unauthorized. So no, I'm not wrong. This is malware. Malware is the root in the hierarchy, the type of malware is insignificant.

19. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Sounds like you're having a hard time comprehending how this malware matches the definition. If you read and comprehend the article before commenting, you would have noticed the following: "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author." Which fits the "downloading of advertising material" aspect of the definition. Even if you want to remain in denial about it being an adware, it still fits the definition of malware ( https://en.wikipedia.org/wiki/Malware ), or are you also having a hard time realizing that this is software made for a malicious intent?

28. mattkl

Posts: 255; Member since: Feb 01, 2010

"Sounds like you're having a hard time comprehending how this malware matches the definition." Sounds like you're having a hard time comprehending what the definition of a definition is. You like wikipedia? Okay, lets use wikipedia. https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_is_not_a_dictionary You may enjoy this one as well.https://en.wikipedia.org/wiki/Wikipedia:What_Wikipedia_is_not or maybe you meant to use their wiktionary https://en.wiktionary.org/wiki/malware malware (usually uncountable, plural malwares) (computing) Software which has been designed to operate in a malicious, undesirable manner. And don't get confused thinking it says "or undesirable manner" it is in addition to being malicious. Just because software doesn't work exactly how you want doesn't make it malicious. https://en.wiktionary.org/wiki/malicious malicious (comparative more malicious, superlative most malicious) Of, pertaining to, or as a result of malice or spite spiteful and deliberately harmful So, as we have seen this coding is not malicious to the user or their device, nor does it download or display ads or advertising material. http://www.businessdictionary.com/definition/advertising-material.html advertising material Definition Popular Terms Booklets, brochures, catalogs, audio tapes, video tapes, CDs, etc., designed to provide information, and stimulate interest, about a product or business. Case closed.

36. krystian

Posts: 423; Member since: Mar 16, 2016

Absolutely incorrect. Malware takes control of the operation of the cpu. Dictionary.com has an approrpriate definition software intended to damage a computer, mobile device, computer system, or computer network, or to take partial control over its operation: The idea is that it eats up cpu cycles and does things that have not been authorized by the system or user.

8. piyath

Posts: 2445; Member since: Mar 23, 2012

Android and "security" are like black and white. No matter how you try you cannot make them live together. Infact even my ex gf was more secure and trustworthy than android....LMAO

9. darkkjedii

Posts: 31058; Member since: Feb 05, 2011

That's the dumbest fk'n post I've ever read. Piyath and ex gf, are like iOS and customization. They don't go together.

21. sissy246

Posts: 7115; Member since: Mar 04, 2015

I think this one tops his others.

24. piyath

Posts: 2445; Member since: Mar 23, 2012

"Customisation" is the apology Android fanboys make when they can't compete in any other way....lol

33. Flash

Posts: 1972; Member since: May 19, 2017

Are you going to actually come up with a response or is the truth that much painful to bear?

10. mattkl

Posts: 255; Member since: Feb 01, 2010

Sounds like someone didn't know their ex very well.

13. kotan24

Posts: 311; Member since: Oct 29, 2012

We all know anroid sucks that is way Google is trying to create a new Os from the ground up with Fucsia (or whatever the name is) is an inefficient piece of crap that they need to get rid of pronto.

29. mattkl

Posts: 255; Member since: Feb 01, 2010

I love the hate man. Thanks for letting us know about Fuchsia os. Looks interesting.

35. tedkord

Posts: 17357; Member since: Jun 17, 2009

By "we" you obviously mean the hate filled, butthurt few who just can't live with Android dominating the mobile OS landscape, or Android flagships dominating the smartphone ratings.

16. mattkl

Posts: 255; Member since: Feb 01, 2010

Can't we just have a friendly chat about some f'kn malware people? We're some crazy mothers up in here.

18. HildyJ

Posts: 338; Member since: Aug 11, 2012

Note that the Checkpoint link has an actual list of the apps found.

23. Leo_MC

Posts: 7432; Member since: Dec 02, 2011

My kid played with the Android phone and got it full of this kind of malware. Somebody has to do something about that.

34. tedkord

Posts: 17357; Member since: Jun 17, 2009

Sure he did. Your kid was one of the up to 1.8%.

40. Leo_MC

Posts: 7432; Member since: Dec 02, 2011

I respect the right of content creators to push adds, I just don't like those adds to be anywhere outside their app/service, especially not in my notification area. I'm sure most of you agree. For me, this is (yet another) reason I use an iPhone as my main device. Fortunately, one can always remove the "infectious" app, but it's annoying and Google can fix this very easy :).

27. ibend

Posts: 6747; Member since: Sep 30, 2014

"Even malicious apps can get high user ratings" thanks to chinese 'click' farm

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.