Android malware 'Judy' earns hackers revenue by forcing devices to click on ads

There’s a new strain of Android malware going around, and it might be one of the most annoying yet.

On Tuesday, mobile security analysts at Check Point uncovered the innocuous-sounding Judy, code that’s infected at least 41 different apps on the Google Play Store, Android’s app marketplace. Once installed, Judy opens internet links and imitates the behavior of a PC, using JavaScript to hunt down and fraudulently click on ads served by Google’s advertising platform.

Most of Judy’s ad-serving occurs in the background, but the adware also injects a large number of advertisements into applications — in some cases leaving users no option but to click on them.

The endgame is to rake in revenue by infecting as many Android devices as possible, and the Judy hackers are well on their way. The malware bypassed Bouncer, Google’s AI-powered Play Store filter that automatically flags malware, by creating a benign “middleware” app that silently establishes a connection with a remote server and installs Judy’s code.

Making matters worse, many of the infected applications had high average Play Store user ratings — in some cases four out of five stars. “A high reputation does not necessarily indicate that the app is safe for use,” Check Point said. “Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware.”

According to Check Point, Judy infected between 4.5 million and 18.5 million devices — some as early as April 2016. Most of the malicious apps were published by Korean company Kiniwini, but it’s unclear whether Enistudio, its parent company, was complicit — Check Point researchers discovered the Judy code in apps from unaffiliated developers, but suspect that it might have been shared by another hacking group.

Given the prevalence of malware like Judy, it’s no wonder that the latest version of Android, Android O, doubles down on security. It introduces new and improved device encryption, tamper-resistant hardware, and in-app Safe Browsing, a Chrome browser feature that uses machine learning to alert you to potentially harmful web content.

The new security features build on Google’s efforts to harden Android against attackers. Google’s SafetyNet, which rolled out alongside Android Marshmallow last year, verifies that devices are what they claim to be. And Google is using machine learning and statistical analysis to pinpoint potentially harmful apps.

Google’s real-time, cloud-based security platform consists of more than 20,000 processors, the company said at its Google I/O developer conference in June, and scans more than 50 billion devices every day.

Kyle Wiggers
Former Digital Trends Contributor