SecurityWatchAs outlined by security firm Check Point, 41 applications developed by Korea-based Kiniwini and published under the moniker ENISTUDIO Corp., "infected devices to create large amounts of dishonest clicks on advertisements which generating revenues for those behind it."
It's "possibly that this malware is the largest malware campaign on Google Play," according to Check Point
Google "swiftly" removed their apps from Play Store after being alerted to their existence, Check Point says, but not before they "reached an astonishing spread between 4.5 million to 18.5 million downloads." Some were available in Play store for several years.
"It is unclear how long the malicious code existed inside the apps. Hence the actual spread of the Judy malware has remained unknown," Check Point says, the download numbers mean "the total spread of the Judy malware may have reached between 8.5 and 36.5 million users."
Judy Malware
This malware was dubbed Judy by Check Point after the title character in Kiniwini's apps. Chef Judy: Picnic Lunch Maker, for example, encourages players to "create delicious food with Judy." But Judy-themed games ran the gamut, from "Animal Judy" and "Fashion Judy."
How does Judy infect your device? The Hackers create a simple app that can get around Google's Bouncer security screening and is added to an app store.
"Once a user downloads the app, it silently registers the receivers which establish a connection with the [Command and Control] server," Check Point says. "The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string, and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure."
Check Point likens Judy to two previous exploits: FalseGuide and Skinner. And like another bug, DressCode, Judy hid behind good reviews. "Hackers can hide their apps' real intentions or even manipulate users into leaving positive ratings, in some cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware," Check Point says.
Kiniwini develops apps for Android and iOS, Check Point says, but it did not mention any problems with the iOS apps. As of Sunday afternoon, 45 ENISTUDIO Corp. Judy apps are available in the App Store, most of which appear to have last been updated on March 31.
0 Comments:
Post a Comment
Your comment and facebook share will be appreciated