The Judy Malware-Android

Up to 36.5 million Android devices may have been infected by malware that produced fake ad clicks and lined the pockets of its developers. 41 apps, developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp., “infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.”

Google “swiftly” removed the apps from Google Play after being alerted to their existence, but not before they “reached an astonishing spread between 4.5 million and 18.5 million downloads.”

Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.
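The behaviour described above leaves a network-side trace: a device known to be an Android handset sends bursts of ad requests with a PC-browser user agent. The following is an added example, not code from the original article or from any vendor, of a detection heuristic over web-proxy logs. The log format, the device inventory, the placeholder host `ads.example` and the threshold and window values are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log: timestamp, client IP, requested host, "User-Agent".
SAMPLE_LOG = '''\
2017-05-30T10:00:01 10.0.0.21 ads.example "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
2017-05-30T10:00:40 10.0.0.21 ads.example "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
2017-05-30T10:01:15 10.0.0.21 ads.example "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
2017-05-30T10:02:00 10.0.0.22 ads.example "Mozilla/5.0 (Linux; Android 7.0) Chrome/58.0 Mobile"
2017-05-30T10:02:05 10.0.0.22 ads.example "Mozilla/5.0 (Linux; Android 7.0) Chrome/58.0 Mobile"
2017-05-30T10:02:09 10.0.0.22 ads.example "Mozilla/5.0 (Linux; Android 7.0) Chrome/58.0 Mobile"
2017-05-30T10:03:00 10.0.0.23 ads.example "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Safari/603"
2017-05-30T11:03:00 10.0.0.23 ads.example "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Safari/603"
2017-05-30T10:04:00 10.0.0.30 ads.example "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
2017-05-30T10:04:10 10.0.0.30 ads.example "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
2017-05-30T10:04:20 10.0.0.30 ads.example "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
'''
ANDROID_CLIENTS = {"10.0.0.21", "10.0.0.22", "10.0.0.23"}  # assumed MDM/DHCP inventory
AD_HOSTS = {"ads.example"}                                  # placeholder ad-click host

LINE_RE = re.compile(r'(\S+) (\S+) (\S+) "([^"]*)"')
DESKTOP_RE = re.compile(r"Windows NT|Macintosh|X11")
MOBILE_RE = re.compile(r"Android|Mobile")

def is_desktop_ua(ua):
    """True when the User-Agent claims a PC browser and carries no mobile token."""
    return bool(DESKTOP_RE.search(ua)) and not MOBILE_RE.search(ua)

def flag_ua_mismatch(log_text, android_clients, ad_hosts,
                     threshold=3, window=timedelta(minutes=5)):
    """Return Android clients with >= threshold desktop-UA ad requests inside one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ts, client, host, ua = m.groups()
        if client in android_clients and host in ad_hosts and is_desktop_ua(ua):
            hits[client].append(datetime.fromisoformat(ts))
    flagged = []
    for client, times in hits.items():
        times.sort()
        # any run of `threshold` consecutive hits that fits inside the window
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(client)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_ua_mismatch(SAMPLE_LOG, ANDROID_CLIENTS, AD_HOSTS))
```

Users who switch a mobile browser to "desktop site" mode produce the same mismatch, so treat a hit as a lead for checking the device's installed apps rather than as a verdict.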

Keep your Android device protected with the updated Max Total Security for Android.

Despite apps going through periodic reviews, Google’s Play Store security system, named Bouncer, wasn’t able to pick up the malware’s malicious activity.

Google launches new Android security services

On May 17, during the Google I/O annual event, Google announced a new service called Google Play Protect. According to Google, this new service continuously scans all Android apps and user devices for malicious behavior and uses machine learning to detect any suspicious activity. Once it detects a malicious app, it removes it from the phones of all users who installed it.

The new Google Play Protect service suite is currently shipping to all devices with the Google Play app installed.
