According to a security firm, more than 36 million Android devices may have been infected with ad-click malware. The research team at Check Point said that they found the malware, codenamed Judy, in around 50 applications on Google's Play Store.
Infected apps have been removed from the Play Store
The applications contain code that sends infected devices to a target webpage, where they generate fraudulent clicks on the site's adverts to make money for its creators. The infected apps have now been removed from the Play Store. The games have been downloaded between four million and 18 million times. All of these games feature a character called Judy, notes BBC News.
More than 40 of the apps were from Kiniwini, a South Korea-based developer that publishes games to the Play Store under the name Enistudio. The dangerous code was found not only in apps by Kiniwini but also in apps from other developers. The research team at Check Point said, “It is possible that one borrowed code from the other, knowingly or unknowingly.” Between them, the infected apps may have been downloaded over 36.5 million times.
Check Point researchers said that they did not know how long the harmful versions of the apps had been available on the Play Store, but all the Judy games had been updated since March this year. The malware, which has been codenamed after Judy, the main character in the affected games, is very dangerous for Android phones.
The malware hid on the Play Store for a long time: Check Point
The oldest of the apps from other developers was last updated in April last year, which according to Check Point means that the malicious code hid on the Play Store undetected for a long time.
The report by BBC News says, “Because it is unclear when the code was introduced to each of the apps, the actual number of devices likely to have been infected is unknown.” The report notes that the applications got past the Play Store's protection system, Google Bouncer, because they do not contain the malicious part of the Judy code. Once downloaded, the apps silently register the Android phone with a remote server. This remote server responds by sending back the malicious ad-click software, which opens a hidden website and generates revenue for the site by clicking on the adverts.
In an interview with BBC News, Andrew Smith, a senior lecturer in Networking at the Open University, said, “This kind of delivery has become commonplace.” Smith added, “There are many tools available, and the advantage is that the malware distributor can change them remotely, which makes it difficult for anti-malware software to keep up.”