Security firm Checkpoint on Thursday revealed that around 36.5 million Android devices were likely infected by a malware, dubbed as ‘Judy’, after downloading apps developed by South Korea-based Kiniwini and published under the name of ENISTUDIO Corp.
The Korean firm developed 41 such malicious apps and was able to bypass Google's security protocols on the Play Store, thereby making the app available for download.
While the full reach of this malware is still unknown, Checkpoint says that it is potentially the most widely-spread malware yet found on Google Play.
What is Judy?
The malware, named Judy by Checkpoint after the title character in Kiniwin’s apps, is an auto-clicking adware which uses infected devices to generate a large volume of fraudulent clicks on advertisements, thereby generating revenues for the culprits behind it.
Google has removed the malicious apps from the store on Checkpoint’s recommendation and has updated its protection mechanism to scan apps.
Experts have pointed out time and again that among mobile phone malware attacks, Android smartphones are largely targeted by hackers as the Android app market provides an open platform.
In its Threat Intelligence Report for the second half of 2016, Nokia reported that among all the infections in smartphones, Android phones were targeted 81 percent of the time.
Mobile device infection by device type, H2 2016
How to protect your phone from Judy and her friends?
- Do not download apps from unauthorised or illegitimate app stores.
- When connected to public Wi-Fi, don’t view or share sensitive personal information.
- Only browse and download applications using a secure wireless network.
- Choose a good antivirus app for your phone.
- Even though Judy tricked Google’s malware scanner, Bouncer, it is still a good practice to make sure that you download apps that are scanned by it.
“Mobile devices are heavily prone to cyber threats, especially when users do not exercise caution while accessing links or downloading apps," said Rohit Kumar, EVP and Head of Paladion OnDemand. "The recent Judy Malware has thrown the Android ecosystem out of gear with an estimated 36 million handsets affected. Downloading unknown apps opens a vicious threat cycle that can have a spiraling effect and even render your handset dysfunctional.”
“With the spread of cybercrime, one can never be too sure of where the next threat will come from. Caution is the best policy once can adopt, including making a prudent investment in a good mobile security solution,” he added.