As the world was still recovering from the WannaCrypt ransomware attack, a malware called Judy hit over 36.5 million Android-based phones, making its way through Google Play Store.
According to cybersecurity firm Check Point, dozens of malicious apps have been downloaded between 4.5 million to 18.5 million times. Some of the malware-affected apps have been discovered residing on Google Play for several years.
Judy is one such case of how an open and free mobile operating system (OS) can be exploited by malicious app developers.
“The entire ecosystem of free mobile OS is built around generating advertising revenues, and the operating systems grants apps with certain privileges to display these ads,” Amit Jaju, executive director, Fraud Investigation and Dispute Services, EY India, said in a statement.
According to Jaju, they noticed certain Indian apps with a potentially malicious code when displaying ads.
“Therefore, users should review all installed apps to have proper security settings and tools in place. One should avoid installing free apps and those from unknown sources,” he suggested.
After the malware-affected apps were discovered by Check Point, Google removed them from the Play Store.
The malicious apps primarily included a series of casual cooking and fashion games under the Judy brand, a name borrowed for the malware itself.
Judy is an auto-clicking adware which was found on 41 apps developed by a Korean company that uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.
The nefarious nature of the programmes went unnoticed in large part because its malware payload was downloaded from a non-Google server after the programmes were installed.
The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker.
It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.
Previously, Android-based devices were hit by similar malware like FalseGuide and Skinner that also infiltrated through Google Play.