
Judy Malware

By GoldSparrow in Malware

Malware researchers reported a malware campaign distributed through corrupted applications on Google Play. This malware, known as the Judy Malware, is a malware threat that monetizes online advertising. The Judy Malware was created by Korean malware developers and seems to have affected at least 41 different applications on the Google Play store. These applications have been downloaded an enormous number of times: at least 18 million! Some of the applications affected by the Judy Malware had been available on Google Play for years, although all had received recent updates. Because of this, it is still uncertain how long these applications were infected with the Judy Malware while available for download. PC security researchers ask computer users to confirm that any applications associated with the Judy Malware attacks have been removed from their devices.

The Judy Malware Has Been Active for Some Years

The Judy Malware campaign may, in fact, be more than one campaign, and it is possible that different versions of the Judy Malware were developed with code borrowed by one malware developer from another. The oldest application associated with the Judy Malware in a subsidiary campaign was updated in April 2016, meaning that the Judy Malware code was available on Google Play for at least that long. The Judy Malware functions by connecting to a Command and Control server once installed on the victim's device and then carries out harmful activities on that device. Once PC security researchers notified Google of the affected applications and the existence of the Judy Malware threat, it seems that all applications associated with the Judy Malware were removed from Google Play.

How the Judy Malware Works

One outstanding aspect of the Judy Malware campaign was how criminals managed to bypass the security measures on Google Play, doing this via a bridgehead application that connects out from the victim's device. When the application is downloaded, it connects to its Command and Control server automatically. Then, using this connection, the application downloads corrupted code in the form of JavaScript and compromised URLs, which install the Judy Malware onto the victim's device via a series of hidden websites launched in the infected device's Web browser. The purpose of these corrupted scripts associated with the Judy Malware is to click on banners and Google advertisements repeatedly, generating ad revenue at the expense of the victim. The malware developers monetize the Judy Malware campaign by receiving payments from the products and websites that profit from the advertisements 'clicked' by devices infected with the Judy Malware. Considering that tens of millions of Android users may have been affected by the Judy Malware, the potential profits for these attacks are huge.
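The behaviour described above (a remote script pulled from a Command and Control server, followed by a burst of ad clicks with no user present) can be turned into a simple detection heuristic. The following is an added example, not code from the original article or from any vendor: it runs a sliding-window check over a constructed device event log, and the ad-network hosts, log format and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse
# Placeholder ad-network hosts and tuning knobs (assumptions for this example).
AD_HOSTS = {"ads.example-network.test", "banner.example-ads.test"}
CLICK_THRESHOLD = 5   # ad clicks inside one window with no user touch => suspicious
WINDOW_SECONDS = 60

# Constructed device log, one event per line: "<epoch> <package> <event> <url-or-dash>".
# FETCH = remote resource pulled, NAV = web view navigated, CLICK = ad click request, TOUCH = real screen touch.
SAMPLE_LOG = """\
1495000000 com.example.judyhost FETCH http://c2.example.test/inject.js
1495000001 com.example.judyhost NAV http://hidden.example.test/landing
1495000002 com.example.judyhost CLICK http://ads.example-network.test/click?id=1
1495000003 com.example.judyhost CLICK http://ads.example-network.test/click?id=2
1495000004 com.example.judyhost CLICK http://banner.example-ads.test/c?id=3
1495000005 com.example.judyhost CLICK http://ads.example-network.test/click?id=4
1495000006 com.example.judyhost CLICK http://ads.example-network.test/click?id=5
1495000020 com.example.game FETCH http://cdn.example.test/ui.js
1495000021 com.example.game TOUCH -
1495000022 com.example.game CLICK http://ads.example-network.test/click?id=7
1495000023 com.example.game TOUCH -
1495000024 com.example.game CLICK http://ads.example-network.test/click?id=8
"""

def parse_log(log):
    """Yield (timestamp, package, event, url) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) == 4:
            yield int(parts[0]), parts[1], parts[2], parts[3]

def find_click_fraud(log):
    """Return {package: clicks} for apps that fetched a remote script and then issued
    CLICK_THRESHOLD or more ad clicks within WINDOW_SECONDS with no TOUCH in that window."""
    by_pkg = defaultdict(list)
    for ts, pkg, event, url in sorted(parse_log(log)):
        by_pkg[pkg].append((ts, event, url))
    flagged = {}
    for pkg, events in by_pkg.items():
        if not any(e == "FETCH" and urlparse(u).path.endswith(".js") for _, e, u in events):
            continue  # no remotely fetched script: outside this heuristic
        clicks = [t for t, e, u in events if e == "CLICK" and urlparse(u).hostname in AD_HOSTS]
        touches = [t for t, e, _ in events if e == "TOUCH"]
        for start in clicks:  # slide a window over each click as a possible burst start
            end = start + WINDOW_SECONDS
            burst = [t for t in clicks if start <= t < end]
            if len(burst) >= CLICK_THRESHOLD and not any(start <= t < end for t in touches):
                flagged[pkg] = len(burst)
                break
    return flagged
```

Only the package that pulled a script and then clicked five ad URLs with no touch is flagged; the game whose clicks each follow a real touch is not.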

Who Created the Judy Malware Threat

A company in Korea named Kiniwini developed all the applications infected with the Judy Malware. This company is registered on Google Play as ENISTUDIO corp and develops mobile applications for iOS and Android. It is surprising to observe that a legitimate application developer is behind the Judy Malware attacks, which would usually be created by criminals and shady organizations. The Judy Malware does not fall into the gray area of online advertising, as often happens, but uses the victims' devices in an illicit way for the benefit of the attackers. The Judy Malware is firmly in the malware camp rather than on the border between potentially unsafe and suspicious content. These activities have not gone unnoticed, and various suspicious users have left comments and low ratings on the advertisements. However, the majority of the applications associated with the Judy Malware attacks had positive ratings, meaning that they were successful in carrying out the activities of the Judy Malware in the background without the victim's knowledge.
