It’s not the best month to be working in cybersecurity. Just weeks after a devastating global ransomware attack disabled over 200,000 computers and crippled hospitals in the U.K., a new security risk has been discovered lurking in the background of over 40 Android apps, many of which have been available for download on Google Play for several years.
This widespread hacking campaign has been dubbed the ‘Judy’ malware after its connection to a particular group of games from the South Korean developer Kiniwini, all of which feature a character named Judy in the title. Generally, the games were part of the fashion and cooking genres, with titles like Chef Judy: Picnic Lunch Maker and Fashion Judy: Magic Girl Style.
The malware, which belongs to a family of malicious software called “auto-clicking adware,” was first spotted by security researchers at Check Point. The spread of the virus relies on the use of a difficult-to-detect string of malicious code, which is only visible on the user’s device after the app’s download. Following installation, the apps silently reach out to a remote server, which sends back the malicious adware code to be downloaded onto the device. Once infected, devices are sent to a target page, where they are forced to generate fraudulent clicks on advertisements in order to bring in revenue for the virus’s creators. The sneaky nature of this infection process accounts for at least part of the reason it slipped by Google’s “Bouncer” program, which was introduced in 2012 as a way to counter malware through an automatic scan of all projects uploaded to the Play Store.
The malicious code has been found in all 41 apps put out by the developer Kiniwini, which uploads applications to the Play Store under the name Enistudio. It has also spread to several other apps from different developers on Google Play. It is unclear when the code was introduced to these apps, and where it came from, but the widespread nature of this infection means that the malware could have reached anywhere from 8.5 to 36.5 million users.
Luckily, Google Play has removed the affected apps swiftly, following Check Point’s discovery of the threat, so Judy’s chance of spreading any further is relatively low. But, this doesn’t mean the risk is completely over, as the malware continues to run in the background for all users who still have the apps installed on their devices.
The best thing for concerned Android users to do is to take a quick glance at their app library, and if they see the smiling cartoon face of Judy — whether she’s in Chef form or donning her Magic Girl Style — delete her immediately.
