Researchers have discovered what could possibly be the “largest malware campaign found on Google Play”, a Korean auto-clicking adware dubbed “Judy”.
While the newest wave of malware doesn’t extort victims via ransomware or credential theft, it does propagate auto-clicking adware that generates significant numbers of faux ‘clicks’ on advertisements to earn revenue for its developers.
Researchers at Check Point have claimed that the malware-ridden apps could have reached a mammoth spread of between 4.5 million and 18.5 million downloads, according to data from Google Play.
The malicious apps have been available on Google Play for multiple years, according to Check Point, who further revealed that they were all updated recently. Still, the actual spread of the malware is a mystery, as researchers are yet to ascertain how long the malicious code has existed inside the apps.
Judy, like other malware that has successfully infiltrated Google Play before it, communicates with its Command and Control (C&C) server to operate.
Researchers revealed Judy’s exploit mechanism while operating on victims’ devices.
The same malware has been discovered in other applications developed separately by other devs. “The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly,” researchers wrote.
The second campaign’s oldest app was last updated in April 2016. In other words, the malicious code has been available on the Play Store, undetected, for over a year. The second campaign’s download count of infected apps is anywhere between 4 and 18 million, which leaves up to 36.5 million users possibly infected by the adware.
Upon learning of the threat from the researchers, Google has since removed the malicious apps from the Play Store.
Image credit: Pixabay.