Major Security Threat For Millions Of Android Phone Users
Leading security group Checkpoint has identified a new type of Android malware that infected users’ devices with malicious ad-click software, they claim that more than 36 million devices could be affected.
The malware was included in several apps sold via the official Google Play Store, if so this is the largest malware attack the Store has ever witnessed.
At this time, the actual number of infected users remains unconfirmed, but Checkpoint warns the malware was present in some apps that had been available on the Play Store for “several years”.
Checkpoint executives claim that malware “is an auto-clicking adware which was found on 41 apps developed by a Korean company.”
Checkpoint says ‘Judy’ generates fraudulent clicks on ads, which results in revenue for the perpetrators, who created a “benign bridgehead app”, which inserts a connection to the users’ phone into the app store.
That means once a user downloads an app, it “silently registers receivers which establish a connection with the C&C server,” which in turn replies with the “malicious payload.”
Google has reportedly removed the infected apps, which comprised several cooking and fashion games using the ‘Judy’ brand, from its Play Store after being notified by Checkpoint.
Executives from Checkpoint said, “The oldest app of the second campaign was last updated in April 2016”, meaning that the malicious code hid for a long time on the Play store undetected.
“These apps also had many downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.”
The Korean publisher thought to be responsible for the infected apps is reportedly known as “ENISTUDIO,” though other publishers have also been said to have released apps with the malware included.