Not too long ago, security researchers unmasked several game apps in the Google Play Store that were just a front for insidious adware. At the time, the researches didn’t list the relevant apps (which had apparently already infected somewhere between 5 -18 million smartphones), but now we’ve got a clearer picture of which apps we should avoid or uninstall. Interestingly enough, the majority of apps have a common trait – the name Judy.
I would like to try playing games with a TV box.
What do you think?
Profit-driven malware developers have managed to create their own money printing machine in the Google Play Store, and it’s all thanks to a simple update. 41 apps from the Korean developer Kiniwini – which are available in the Play Store under the ENISTUDIO corp brand – were updated with adware code. It’s still unclear whether the company did this deliberately or if one of the developers (ab)used their position to insert the code. What is certain thought is that the apps had been available for download for quite some time, and only recently (and almost simultaneously) received the malicious code per update. The oldest updates date back to April 2016, which makes both the scope and duration of the attack unclear.
An adware infected app hiding behind a 4.2 star rating / © Checkpoint
The security researchers from Checkpoint were also able to identify the same malware in other third-party apps, increasing the potential spread of infected users up to 36.5 million. In the meantime, all Judy apps have been banned from the Play Store, but if you are using one of the following apps on your device, you should uninstall them now.
- Fashion Judy: Snow Queen style
- Animal Judy: Persian cat care
- Fashion Judy: Pretty rapper
- Fashion Judy: Teacher style
- Animal Judy: Dragon care
- Chef Judy: Halloween Cookies
- Fashion Judy: Wedding Party
- Animal Judy: Teddy Bear care
- Fashion Judy: Bunny Girl Style
- Fashion Judy: Frozen Princess
- Chef Judy: Triangular Kimbap
- Chef Judy: Udong Maker – Cook
- Fashion Judy: Uniform style
- Animal Judy: Rabbit care
- Fashion Judy: Vampire style
- Animal Judy: Nine-Tailed Fox
- Chef Judy: Jelly Maker – Cook
- Chef Judy: Chicken Maker
- Animal Judy: Sea otter care
- Animal Judy: Elephant care
- Judy’s Happy House
- Chef Judy: Hotdog Maker – Cook
- Chef Judy: Birthday Food Maker
- Fashion Judy: Wedding day
- Fashion Judy: Waitress style
- Chef Judy: Character Lunch
- Chef Judy: Picnic Lunch Maker
- Animal Judy: Rudolph care
- Judy’s Hospital:pediatrics
- Fashion Judy: Country style
- Animal Judy: Feral Cat care
- Fashion Judy: Twice Style
- Fashion Judy: Myth Style
- Animal Judy: Fennec Fox care
- Animal Judy: Dog care
- Fashion Judy: Couple Style
- Animal Judy: Cat care
- Fashion Judy: Halloween style
- Fashion Judy: EXO Style
- Chef Judy: Dalgona Maker
- Chef Judy: ServiceStation Food
- Judy’s Spa Salon
- 커플디데이 (커플기념일, 위젯)
- Dog Music (Relax)
- 카카오톡 대화분석기
- 황금기 알리미 (여성달력)
- 100억 가계부
- KatocPic(카톡픽) – 카톡프로필
- 필수추천 무료어플 77
- Spring-It’s stylish, it’s sexy
- Crafting Guide for Minecraft
The adware managed to secretly bypass “Bouncer” – Google’s Play Store protection mechanism. All of the technical details and an overview of the code is explained in a Checkpoint blogpost. What the “infected” app does is quite simple – it loads and clicks visible (and hidden in the background) ad banners. Those banner impressions and clicks then give the adware author a nice boost in illegitimate sales. Another unpleasant side effect is that the original app, which might have been useful in the beginning, now becomes unusable and leaches off your mobile data.
Just because an App has good ratings doesn’t mean the App is actually any good
What do you think?
The fact that the apps continued to maintain their strong ratings in the Play Store can also be attributed to the skill of adware creators. Often, users are forced to give five-star ratings in apps in order to continue using them or they are tricked into giving ratings by other means.
Users of Android smartphones are hardly able to defend themselves against such spontaneous attacks. Anti-malware apps can only advise against installing an app, but they do not remove malware or prevent its installation due to system restrictions. Real protection is only done at the kernel level, and this is only happens with the (infrequent) system updates.
Have you been affected by this adware issue? Let us know in the comments below.