Android malware may have infected up to 36.5 million users.
Dubbed ‘Judy’, the malware was found on over 40 apps, many of which were available to download from Google Play for “several years”.
CheckPoint, which spotted the malware, has described it as “possibly the largest malware campaign” found on the Play Store.
The researchers say Judy “uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.”
41 of the infected apps are said to have been developed by a Korean company called Kiniwini, and registered on Google Play as ENISTUDIO corp.
It makes a range of apps that feature character called Judy, including Chef Judy, Princess Judy and Fashion Judy. One such game, called Chef Judy: Picnic Lunch Maker, had a 4.2 rating and been downloaded up to one million times. These included cooking and fashion games, such as Chef Judy: Picnic Lunch Maker.
Unusually, many of the apps were rated highly by users, but this could be due to manipulation rather than a genuinely positive user experience.
“A high reputation does not necessarily indicate that the app is safe for use,” explains CheckPoint in a blog post.
“Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly.”
The Judy malware was also found on several apps created by other developers.
“The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly,” says CheckPoint.
Google has been notified about the malware, and has removed the infected apps from the Play Store.
Fraudulent Android virus
The malware apps, which are summarised under the name Judy, enables automatic clicks on websites when adverts pop up. When ads appear on a web page, the malware leaves a click, and this means that the generated clicks earns money for the fraudsters.
This is a complicated and sophisticated procedure which has left the fraudsters undetected for a very long time. If you download these apps, you will not even notice the fraud. In the background, after the app is downloaded, the additional malicious code is downloaded and then the fraud is carried out.
We strongly recommend running security software on all Android devices including phones and Tablets. Panda is one of the best programs to use. You can find out more here.
Malware isn’t new on the Google Play Store, but the company has done a lot in recent years to curb it being inserted in the apps the store hosts. In 2012, Google introduced project ‘Bouncer’ that automatically scans products uploaded and blocks software that may be malicious. Despite this, malware does slip through the cracks.
In addition, Google Play Protect automatically checks apps before they are downloaded and will remove harmful apps from devices. The feature, which can be accessed through the Google Play Store’s app menu, will provide information about the status of a device.
It is also important to regularly update any apps and operating systems to the latest versions.
What is Clickjacking?
If you accidentally install a malware app on your Android phone, Clickjacking method hackers can control your mobile phone even by remote control using clickjacking. You don’t even need to open the App for them to do this.
You must grant certain rights to apps, so you can use them. With WhatsApp, you must first grant the app access to the microphone, so you can send a voice message. And if you want to take a photo with WhatsApp, you have to grant access to the camera. This mode will give you full control over your phone. How do hackers manage to get around this?
Clickjacking method grants full access to your phone
The Clickjacking method (also called “Cloak and Dagger”) gives hackers full access to your mobile phone. How is this possible if you have granted an app for certain tasks but no rights? An app promises to show you an introductory video for a certain app, where you follow the next step in the tutorial with “Ok” or ” Continue “. The app was however manipulated by hackers so that behind the confirmation for the video is actually the access to the rights for the mobile phone.
Spyware App will scan your private data
Clickjacking is an app that works like a spyware. An article on the website lifewire has also talked about this topic and how to protect yourself. The hackers obtain the rights to access your mobile phone using a a sneaky method: In the background, your mobile phone is remote-controlled without your knowledge. If the hackers have control of your mobile phone via the malicious software app, they can read e-mails and messages. This allows hackers to understand which banking apps you use. In theory, this vulnerability will probably only be comprehensively addressed with the new Android version Android O. However, you need to make sure you install this update when it comes out and until then, be careful when installing new apps for your phone.