Skip to main content
  1. Home
  2. Mobile
  3. News

Android malware 'Judy' earns hackers revenue by forcing devices to click on ads

Kyle Wiggers
By

Mobile Malware
Image used with permission by copyright holder
There’s a new strain of Android malware going around, and it might be one of the most annoying yet.

On Tuesday, mobile security analysts at Check Point uncovered the innocuous-sounding Judy, code that’s infected at least 41 different apps on the Google Play Store, Android’s app marketplace. Once installed, Judy opens internet links and imitates the behavior of a PC, using JavaScript to hunt down and fraudulently click on ads served by Google’s advertising platform.

Recommended Videos

Most of Judy’s ad-serving occurs in the background, but the adware also injects a large number of advertisements into applications — in some cases leaving users no option but to click on them.

Related

The endgame is to rake in revenue by infecting as many Android devices as possible, and the Judy hackers are well on their way. The malware bypassed Bouncer, Google’s AI-powered Play Store filter that automatically flags malware, by creating a benign “middleware” app that silently establishes a connection with a remote server and installs Judy’s code.

Making matters worse, many of the infected applications had high average Play Store user ratings — in some cases four out of five stars. “A high reputation does not necessarily indicate that the app is safe for use,” Check Point said. “Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware.”

According to Checkpoint, Judy infected between 4.5 million and 18.5 million devices — some as early as April 2016. Most of the malicious apps were published by Korean company Kiniwini, but it’s unclear whether Enistudio, its parent company, was complicit — Check Point researchers discovered the Judy code in apps from unaffiliated developers, but suspect that it might have been shared by another hacking group.

Given the prevalence of malware like Judy, it’s no wonder that latest version of Android, Android O, doubles down on security. It introduces new and improved device encryption, tamper-resistant hardware, and in-app Safe Browsing, a Chrome browser feature that uses machine learning to alert you to potentially harmful web content.

The new security features build on Google’s efforts to harden Android against attackers. Google’s SafetyNet, which rolled out alongside Android Marshmallow last year, verifies that devices are what they claim to be. And Google is using machine learning and statistical analysis to pinpoint potentially harmful apps.

Google’s real-time, cloud-based security platform consists of more than 20,000 processors, the company said at its Google I/O developer conference in June, and scans more than 50 billion devices every day.

Editors' Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
You can now use an Android phone to log in to Google on an iOS device
google android phone physical security key account

Google is making it a little easier to sign into your Google apps and services on an iOS device. The company is taking advantage of the new security key feature in Android to allow people to use their Android phone to log in to Google services on iOS.

The new feature works through Google's Smart Lock app, which you need to have installed on your iPad or iPhone to make the Android security key feature work. You also need two-step verification enabled, and if both of those criteria are met, you will be able to hold down the volume key on your phone to sign in to your services.

Read more
Google Play Store feature suggests unused apps to uninstall from Android phones
Google Play store on a smartphone in someone's hand.

A new Google Play Store feature is suggesting a list of unused apps that people may want to uninstall from their Android devices to free up some space.

Downloading and installing apps to Android smartphones through the Google Play Store is easy, so it is understandable if people accumulate apps that they do not regularly use.

Read more
Google I/O: There are big changes coming to Play Store reviews
Google Play store on a smartphone in someone's hand.

Google Play Store customers -- some 2.5 billion souls in more than 190 countries -- have a new app and game review calibration to look forward to in August, according to Kobi Glick, product lead of Google Play. Speaking at a deep-dive session at Google’s annual I/O developer conference, the Play team departed from the usual code-speak to reveal an updated approach to app reviews designed to focus on more recent, and thus more relevant, reviews that app and game developers believe will better serve the public and provide a more accurate reflection of their apps.

“Many of you told us that you want a rating that reflects a more current version of your app, not what it was years ago -- and we agree,” Glick said. “So instead of a lifetime cumulative value, your Google Play Store rating will be recalculated to give more weight to your most recent ratings.” Users won’t see the updated rating in the Google Play Store until August, Glick said.

Read more