01 Jun New Malware Could Infect 36.5 Million Android Users Globally
As many as 36.5 million Android users may have been infected by an advertising fraud malware, thought to be the largest malware campaign ever.
With the business world still recovering from the fallout caused by the “WannaCry” ransomware attack, a new threat has arisen. Targeting 10s of millions of Android phone users on one of the world’s most popular app marketplaces, where it has lurked for years.
The Malware campaign dubbed “Judy” after one of the infected applications, is an auto-clicking adware which was found on 41 applications developed by a Korean company and spread throughout Google Play Store, one of the world largest application marketplaces.
The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenue for the perpetrators while severely hindering the performance of infected mobile devices.
The malicious application has been spread through between 4.5million and 18.5 million downloads, some of the infected applications have been available to download from Google Play Store for several years. It is unclear how long the malicious code has existed inside the apps, and therefore the actual numbers remain unclear.
Several other apps from different developers also contained the same malware, possibly through borrowing code knowingly or unknowingly. The oldest infected application on the store was last updated in April 2016, which means the malicious code has remained hidden for at least a year undetected.
These apps also had as many as 18 million downloads, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.
Judy managed to bypass, Google Play’s protection, by being implemented as a benign piece of code inside of the app. Once the user had downloaded the application it silently downloads a receiver which connects to its command center and downloads a malicious payload. Once the malicious payload is on the devices the malware will automatically activate.
The malware itself imitates an internet browser, which clicks adverts when users are browsing the internet or playing a game. The fraudulent clicks generate a large revenue for the perpetrators, especially since the malware reached a presumably widespread of people. At this moment, it appears nothing has been stolen from users. But the secret gateway it creates could be used to steal credit card details and other sensitive information from a phone,
Google Play Store confirmed today that they had pulled down all policy violating applications from the report.
Android currently makes up around 75% of Thailand’s mobile phone market share. Many varieties of malware are able to transfer inside networks like offices and coffee shops. If you think you or your business is infected with malware or ransomware, contact Aware today email@example.com.
Other Applications that contained the Judy virus Included:
|Package name||App name||Date||Min||Max||Developer|
|com.CoupleDday||커플디데이 (커플기념일, 위젯)||2-Apr-17||100,000||500,000||Neoroid|
|com.DogSound||Dog Music (Relax)||29-Jun-16||10,000||50,000||Neoroid|
|com.PeriodCalendar||황금기 알리미 (여성달력)||20-Apr-16||100,000||500,000||Neoroid|
|com.MoneyBook||100억 가계부||2-Apr-17||100,000||500,000||그린 스튜디오|
|com.lee.katocpic||KatocPic(카톡픽) – 카톡프로필||23-Aug-16||5,000||10,000||Wontime|
|com.appnapps.app77||필수추천 무료어플 77||5-Feb-17||1,000,000||5,000,000||App&Apps|
|com.sundaybugs.spring.free||Spring-It’s stylish, it’s sexy||30-Sep-16||1,000,000||5,000,000||Sundaybugs|
|com.lx5475.craftingbox2||Crafting Guide for Minecraft||4-May-17||500,000||1,000,000||JIZARD|
- What is Microsoft Office 365 Business Premium? Plans & Pricing - June 13, 2019
- The 5 Ways We Build White Hat SEO Backlinks (with Examples) – B2B Corporate Marketing - May 3, 2019
- What makes Google Mobile Advertising so powerful? - January 30, 2019
- Protected: The Face Off: G Suite vs Office 365 – Who Battles to Business Victory? - January 9, 2019
- Thailand’s Great Cybersecurity Push - December 11, 2018
- Financial Services: IT Security & Cyber Protection in Banks from Malware and More - October 26, 2018
- Powering Thailand 4.0 - October 22, 2018
- Meet Gozi: The Number 1 Financial Malware - October 19, 2018
- Meet the Gazorp Malware Builder - October 18, 2018
- What is Artificial Intelligence: Machine & Deep Learning - September 7, 2018