Skip to main content

Android malware 'Judy' earns hackers revenue by forcing devices to click on ads

There’s a new strain of Android malware going around, and it might be one of the most annoying yet.

On Tuesday, mobile security analysts at Check Point uncovered the innocuous-sounding Judy, code that’s infected at least 41 different apps on the Google Play Store, Android’s app marketplace. Once installed, Judy opens internet links and imitates the behavior of a PC, using JavaScript to hunt down and fraudulently click on ads served by Google’s advertising platform.

Recommended Videos

Most of Judy’s ad-serving occurs in the background, but the adware also injects a large number of advertisements into applications — in some cases leaving users no option but to click on them.

The endgame is to rake in revenue by infecting as many Android devices as possible, and the Judy hackers are well on their way. The malware bypassed Bouncer, Google’s AI-powered Play Store filter that automatically flags malware, by creating a benign “middleware” app that silently establishes a connection with a remote server and installs Judy’s code.

Making matters worse, many of the infected applications had high average Play Store user ratings — in some cases four out of five stars. “A high reputation does not necessarily indicate that the app is safe for use,” Check Point said. “Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware.”

According to Checkpoint, Judy infected between 4.5 million and 18.5 million devices — some as early as April 2016. Most of the malicious apps were published by Korean company Kiniwini, but it’s unclear whether Enistudio, its parent company, was complicit — Check Point researchers discovered the Judy code in apps from unaffiliated developers, but suspect that it might have been shared by another hacking group.

Given the prevalence of malware like Judy, it’s no wonder that latest version of Android, Android O, doubles down on security. It introduces new and improved device encryption, tamper-resistant hardware, and in-app Safe Browsing, a Chrome browser feature that uses machine learning to alert you to potentially harmful web content.

The new security features build on Google’s efforts to harden Android against attackers. Google’s SafetyNet, which rolled out alongside Android Marshmallow last year, verifies that devices are what they claim to be. And Google is using machine learning and statistical analysis to pinpoint potentially harmful apps.

Google’s real-time, cloud-based security platform consists of more than 20,000 processors, the company said at its Google I/O developer conference in June, and scans more than 50 billion devices every day.

Kyle Wiggers
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
App subscription fatigue is quickly ruining my smartphone
App Store displayed on an iPhone 14 Pro against a pink background

When I first got an iPhone in 2008, I remember checking out web apps, which were basically websites that I would keep bookmarked on the home screen. Every time I opened them up, they somehow didn’t look like I just launched mobile Safari. Eventually, Apple launched the App Store in July 2008, mostly eliminating the need for antiquated web apps.

Since the App Store opened up, we've gotten to see innovative new apps and games that took our iPhones to a completely new level — showing us what our devices were capable of. I was excited to see and hear about new apps for a variety of things, from task managers to camera replacement apps to photo editors to journals and so much more. Games were also making use of the iPhone’s accelerometer and gyroscope sensors, so it wasn’t just always about touchscreen controls.

Read more
Google’s Android monopoly finds its biggest challenge, and Apple might be next
Apps screen on the Google Pixel 7.

The Competition Commission of India slapped Google with two hefty fines over anti-competitive strategies that have allowed it to dominate the mobile ecosystem in India. Totaling over $250 million, the penalties reprimand Google for forcing smartphone makers to avoid Android forks, prefer Google’s web search service, and pre-install popular cash cows like YouTube on phones.

Google was also disciplined for forcing its own billing system on developers that allowed the giant to take up to a 30% share of all in-app purchases for applications listed on the app store. Google is not really a stranger to titanic penalties; The EU handed Google a record-breaking fine of approximately $5 billion in 2018 for abusing its dominant market position — a penalty that was upheld in September this year following Google’s appeal.

Read more
Google wants you to know Android apps aren’t just for phones anymore
Person holding Samsung Galaxy smartphone showing Google Play Store.

When most people think of the Google Play Store, the first thing that comes to mind is smartphones. However, the spread of the Android ecosystem is far broader than that, and Google is taking steps to increase awareness of this and make it easier for folks to find apps on the Play Store for their smart TVs, watches, and even cars.

In a blog post today, the Google Play team announced three significant changes that should make it easier for Android fans to discover apps for all their devices, right from their phone. This includes recommendations of apps for non-phone devices, a search filter to focus on only games optimized for non-phone devices, and even a remote install feature that will let you deliver those apps to your Android TV, Wear OS watch, or Android Automotive-equipped car.

Read more