
New Malware Could Infect 36.5 Million Android Users Globally


As many as 36.5 million Android users may have been infected by advertising fraud malware, in what is thought to be the largest malware campaign ever.

With the business world still recovering from the fallout caused by the “WannaCry” ransomware attack, a new threat has arisen, targeting tens of millions of Android phone users on one of the world’s most popular app marketplaces, where it has lurked for years.

The malware campaign, dubbed “Judy” after one of the infected applications, is auto-clicking adware that was found in 41 applications developed by a Korean company and spread through the Google Play Store, one of the world’s largest application marketplaces.

The malware uses infected devices to generate large numbers of fraudulent clicks on advertisements, generating revenue for the perpetrators while severely hindering the performance of infected mobile devices.

The malicious applications have been downloaded between 4.5 million and 18.5 million times, and some of them have been available on the Google Play Store for several years. It is unclear how long the malicious code has existed inside the apps, so the actual numbers remain unclear.

Several other apps from different developers also contained the same malware, possibly because code was borrowed, knowingly or unknowingly. The oldest infected application on the store was last updated in April 2016, which means the malicious code has remained hidden and undetected for at least a year.

These apps also had as many as 18 million downloads, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.

 

Judy managed to bypass Google Play’s protection by being implemented as a benign-looking piece of code inside the app. Once the user has downloaded the application, it silently downloads a receiver, which connects to its command center and downloads a malicious payload. Once the malicious payload is on the device, the malware activates automatically.

The malware itself imitates an internet browser, which clicks adverts while users are browsing the internet or playing a game. The fraudulent clicks generate large revenue for the perpetrators, especially since the malware presumably reached a large number of people. At this moment, it appears nothing has been stolen from users, but the secret gateway it creates could be used to steal credit card details and other sensitive information from a phone.

Google Play Store confirmed today that it had removed all of the policy-violating applications named in the report.

Android currently makes up around 75% of Thailand’s mobile phone market share. Many varieties of malware are able to spread inside networks such as those in offices and coffee shops. If you think you or your business is infected with malware or ransomware, contact Aware today at info@aware.co.th.

Other applications that contained the Judy virus included:

Credit: Check Point

| Package name | App name | Date | Min downloads | Max downloads | Developer |
|---|---|---|---|---|---|
| com.CoupleDday | 커플디데이 (커플기념일, 위젯) | 2-Apr-17 | 100,000 | 500,000 | Neoroid |
| com.DogSound | Dog Music (Relax) | 29-Jun-16 | 10,000 | 50,000 | Neoroid |
| com.kakaotalkchatanalyst.ks | 카카오톡 대화분석기 | 25-Feb-16 | 1,000,000 | 5,000,000 | DeepEnjoy |
| com.PeriodCalendar | 황금기 알리미 (여성달력) | 20-Apr-16 | 100,000 | 500,000 | Neoroid |
| com.MoneyBook | 100억 가계부 | 2-Apr-17 | 100,000 | 500,000 | 그린 스튜디오 |
| com.lee.katocpic | KatocPic(카톡픽) – 카톡프로필 | 23-Aug-16 | 5,000 | 10,000 | Wontime |
| com.appnapps.app77 | 필수추천 무료어플 77 | 5-Feb-17 | 1,000,000 | 5,000,000 | App&Apps |
| com.sundaybugs.spring.free | Spring-It’s stylish, it’s sexy | 30-Sep-16 | 1,000,000 | 5,000,000 | Sundaybugs |
| com.lx5475.craftingbox2 | Crafting Guide for Minecraft | 4-May-17 | 500,000 | 1,000,000 | JIZARD |
| Total | | | 4,215,000 | 18,060,000 | |

About Sean Allan

Digital Marketing Manager at Aware Group: Working his way through the world of technology and Thailand as best as he can. Happy to contribute to other tech publications.