Auto-clicking Adware Called Judy Found in Dozens of Play Store Applications

Auto-clicking Adware Called Judy Found in Dozens of Play Store Applications

Last week, a new type of adware was discovered to be on at least 41 different applications in the Google Play Store. This was discovered by the Check Point security research team, and the details were then passed along to Google. These infected applications and games have been removed from the Play Store, but their install counts were able to reach between 4.5 million and 18.5 million. The adware in question is now being referred to as Judy.

This piece of adware was able to bypass Google’s Bouncer protection feature by creating what seemed like a benign bridgehead application. So once one of these malicious applications were downloaded, it proceeded to silently register receivers so that it could establish a connection with the C&C server. This server would then reply with a payload that was actually malicious (which includes JavaScript code), a user-agent string and then some URLs which were controlled by the owner of the server.

The malware would then proceed to open up the URLs with the user-agent string so it can imitate a PC browser that is all hidden to the user. That would then redirect them to another website and then it starts to use that JavaScript code to locate and then click on ads provided by Google’s own advertising platform. So the whole point was to infect as many smartphones and tablets as possible so they could rake in some money by making you click on ads without your consent.

Judy wasn’t some adware that was being used by a lot of people either. All of the malicious applications that were detected in the Play Store were all published by a Korean company named Kiniwini. This account was registered as a developer on Google Play by a company called ENISTUDIO corp, which actually develops applications for both Android and iOS.

Source: Check Point

Discuss This Story

Want more posts like this delivered to your inbox? Enter your email to be subscribed to our newsletter.