A security firm has revealed that more than 36 million Android devices may have been infected with a malware ad-click
Check Point security researchers said in a blog post that they have found a new type of malware, dubbed ‘Judy’, in around 50 applications that were available to download from the Google Play Store. Anyone who downloaded those apps probably has the malware on their device.
These apps contain code that redirects infected devices to a targeted webpage, where they generate fake clicks on ads, eventually making money for the malware's creators.
Reportedly, the infected apps have been removed from the Google Play Store.
More than 40 of the infected apps were from South Korean developer Kiniwini, which published mobile games to the Play Store under the name Enistudio.
All of the games featured a character named ‘Judy’ and were downloaded between 4 million and 18 million times.
Undetected On Play Store
The malicious code was also found in other apps on the Play Store published by other developers. Check Point security analysts said it is possible that one developer borrowed code from the other, intentionally or unintentionally.
Check Point estimated that the infected apps could have been downloaded around 36.5 million times. Check Point said it does not know how long the malicious apps had been available on the store, though all of the Judy games were last updated in March.
The malware is named after the character ‘Judy’ in the apps.
Check Point also suggests that the malicious code probably sat on the Play Store undetected for a long time, and that the number of downloads during that time indicates the number of infected devices. But it is still not clear when the code was first introduced, so the number of infected devices is unknown as well.
How Ad clicks Work
The apps initially passed Google’s Play Store security system, Google Bouncer, because the app files themselves did not contain malicious code.
Once a person downloads one of the apps, it covertly registers the device with a remote server, which sends back the malicious ad-click software in its response. That software regularly sends the device to a target site, where ads are clicked at random to make money.
This type of malware is becoming common these days. It is often overlooked and most of the time cannot be detected by anti-malware, because it is triggered remotely from different servers.
The apps also display tons of adverts themselves. Some of them are really annoying and cannot be closed until the user has clicked on them.