Moneycontrol PRO

Don’t wanna cry after meeting Judy? How to secure your mobile from malware

A Korean firm developed 41 such malicious apps and was able to bypass Google's security protocols on the Play Store, thereby making the app available for download.

August 03, 2017 / 02:42 AM IST

Security firm Checkpoint on Thursday revealed that around 36.5 million Android devices were likely infected by a malware, dubbed as ‘Judy’, after downloading apps developed by South Korea-based Kiniwini and published under the name of ENISTUDIO Corp.

The Korean firm developed 41 such malicious apps and was able to bypass Google's security protocols on the Play Store, thereby making the app available for download.

While the full reach of this malware is still unknown, Checkpoint says that it is potentially the most widely-spread malware yet found on Google Play.

What is Judy?

The malware, named Judy by Checkpoint after the title character in Kiniwin’s apps, is an auto-clicking adware which uses infected devices to generate a large volume of fraudulent clicks on advertisements, thereby generating revenues for the culprits behind it.


Google has removed the malicious apps from the store on Checkpoint’s recommendation and has updated its protection mechanism to scan apps.

Why Android?

Experts have pointed out time and again that among mobile phone malware attacks, Android smartphones are largely targeted by hackers as the Android app market provides an open platform.

In its Threat Intelligence Report for the second half of 2016, Nokia reported that among all the infections in smartphones, Android phones were targeted 81 percent of the time.

Mobile device infection by device type, H2 2016


How to protect your phone from Judy and her friends?

- Do not download apps from unauthorised or illegitimate app stores.

- Before downloading an app, read through its privacy policy to make sure that it will not share your personal information.

- When connected to public Wi-Fi, don’t view or share sensitive personal information.

- Only browse and download applications using a secure wireless network.

- Choose a good antivirus app for your phone.

- Even though Judy tricked Google’s malware scanner, Bouncer, it is still a good practice to make sure that you download apps that are scanned by it.

“Mobile devices are heavily prone to cyber threats, especially when users do not exercise caution while accessing links or downloading apps," said Rohit Kumar, EVP and Head of Paladion OnDemand. "The recent Judy Malware has thrown the Android ecosystem out of gear with an estimated 36 million handsets affected. Downloading unknown apps opens a vicious threat cycle that can have a spiraling effect and even render your handset dysfunctional.”

“With the spread of cybercrime, one can never be too sure of where the next threat will come from. Caution is the best policy once can adopt, including making a prudent investment in a good mobile security solution,” he added.

Sidhartha Shukla
first published: May 30, 2017 09:07 am
ISO 27001 - BSI Assurance Mark