After WannaCry, it's Judy now: malware hides in apps, infects 3.65cr devices

Security firm Checkpoint on Thursday discovered 41 Android apps and counting, developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp., set into motion fraudulent activities on the devices they were downloaded on. These apps are available on Google Play Store.

In a detailed blog post, the US-based cyber security service claimed that the malware had already spread to 36.5 million (3.65 crore) users, making it potentially the most widely-spread malware yet found on Google Play.

The malware "infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it", states the blog. These apps typically spanned the casual cooking and fashion games categories, under the “Judy” brand, the name that has now also been conferred on the malware now. Some apps that Checkpoint missed in their tally were Fashion Judy; Magic Girl Style and Fashion Judy; Masquerade Style.

In fact, one of these apps containing the malware were available on Google Play Store for over a year. However, Google removed the apps after being notified by Checkpoint.

Checkpoint explains that the viruses that came with these programmes went largely unnoticed because while the programmes were installed through Google, the official source, the malware code was downloaded from a non-Google server. This code would then enable automatic clicks on Google ads through the phones.

This comes as the latest in a string of malware and ransomware attacks and database hacks that have been orchestrated over the last few weeks all over the world, like the WannaCry ransomware attack that affected 56 crore systems, and the Zomato database hack wherein over 17 million IDs and hashed passwords were leaked.