"The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it." says Checkpoint.
When a user downloads the application from Google Play Store embedded with Judy, it makes the device hostile and starts to make fake advertisement clicks to generate money for the application developers.
When Checkpoint informed this malware threat to Google, the infecting applications were swiftly removed, but not after the malicious apps reached between 4.5 million and 18.5 million downloads.
Malware Judy is compared with previous malware which infiltrated Google Play, such as FalseGuide and Skinner.
Judy affects your device when hackers make a seemingly harmless app to bypass Bouncer, Google Play’s protection and then get published in the Play Store. When a user downloads the app, it becomes infected and acts as a bridge between the targeted user and the malicious content.
The Checkpoint says "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string, and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden web page and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure".
Judy is possibly one of the largest malware campaigns found on Google Play Store and the number of devices infected are still unknown. The checkpoint is of the view that, users can't rely on official app stores and recommends to implement advanced security protections capable of detecting and blocking mobile malware.
