
The Judy Malware: Possibly the largest malware campaign found on Google Play

vorticalbox

http://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/

 

A list of all infected apps is in the article linked above as well as hashes of them all. 

 

Quote

Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company.

 

Quote

The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.

This has been noted over the years about the way play store works and how it can be abused with malware.

 

4.5-18.5 downloads all clicking ads would create one hell of a revenue.

 

At some point Google is going to have to crack down harder on apps, seeing as declaring permissions is clearly not enough.


2 hours ago, vorticalbox said:

http://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/

 

A list of all infected apps is in the article linked above as well as hashes of them all. 

 

 

This has been noted over the years about the way play store works and how it can be abused with malware.

 

4.5-18.5 downloads all clicking ads would create one hell of a revenue.

 

At some point Google is going to have to crack down harder on apps, seeing as declaring permissions is clearly not enough.

Wow, everything from Chef vampires to a period calendar. Epic.

 

Not sure why people download all this crap to begin with. I'm not too surprised since I don't really trust any publisher I don't know by name.

 

I wonder if they've exploited any of the iOS so they created as well.


4 hours ago, vorticalbox said:

4.5-18.5 downloads all clicking ads would create one hell of a revenue.

One click is only like one cent, so that's only a few dollars.

Yes, I'm joking.


So basically, don't install any apps with "Judy" in the name and you're good.


48 minutes ago, Michael McAllister said:

If this is referencing the Cloak and Dagger vulnerability, this issue is much more severe than just avoiding certain apps.

While the article explains the vulnerability in extensive detail, it does not make suggestions on how to protect from this sort of attack beyond treating every app with scrutiny. 


On 2017. 05. 31. at 3:45 AM, Zodiark1593 said:

While the article explains the vulnerability in extensive detail, it does not make suggestions on how to protect from this sort of attack beyond treating every app with scrutiny. 

Install LineageOS or any other cooked ROM that has a permission control system...


1 hour ago, jagdtigger said:

Install LineageOS or any other cooked ROM that has a permission control system...

but then you would have to block every single app from using:

 

SYSTEM_ALERT_WINDOW ("draw on top")

and
BIND_ACCESSIBILITY_SERVICE ("a11y")

 

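One way to see which apps actually use the two permissions named in the post above, as an added example that is not part of any poster's message. It assumes the input is an AndroidManifest.xml already decoded to plain XML; the package and service names in the samples are constructed, not real apps.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def audit_manifest(manifest_xml):
    """Report use of the overlay and accessibility permissions in one manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(NS + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for el in root.iter(tag)}
    # Accessibility is not requested with <uses-permission>: the app declares
    # a <service> that is protected by BIND_ACCESSIBILITY_SERVICE.
    a11y = [svc.get(NS + "name") for svc in root.iter("service")
            if svc.get(NS + "permission") == A11Y]
    return {"package": root.get("package"),
            "overlay": OVERLAY in requested,
            "a11y_services": a11y}

def needs_review(manifests):
    """Packages that combine both capabilities, sorted by name."""
    reports = [audit_manifest(m) for m in manifests]
    return sorted(r["package"] for r in reports
                  if r["overlay"] and r["a11y_services"])

def _manifest(package, body):
    # Helper for the constructed samples below.
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{body}</manifest>')

# Constructed sample manifests (hypothetical package names, not real apps).
SAMPLES = [
    _manifest("com.example.both",
              f'<uses-permission android:name="{OVERLAY}"/>'
              '<application><service android:name=".TapService" '
              f'android:permission="{A11Y}"/></application>'),
    _manifest("com.example.chathead",
              f'<uses-permission android:name="{OVERLAY}"/><application/>'),
    _manifest("com.example.reader",
              '<application><service android:name=".ReadAloud" '
              f'android:permission="{A11Y}"/></application>'),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_manifest(sample))
    print("review:", needs_review(SAMPLES))
```

An app that holds only one of the two shows up in `audit_manifest` but not in `needs_review`, which keeps the review list short enough to check by hand.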

1 minute ago, vorticalbox said:

but then you would have to block every single app from using:

 

SYSTEM_ALERT_WINDOW ("draw on top")

and
BIND_ACCESSIBILITY_SERVICE ("a11y")

 

Still better than nothing ;) . Plus as far as Lineage OS is concerned if you have Privacy Guard enabled by default it will ask for the permissions first, separately for each one.


1 minute ago, jagdtigger said:

it will ask for the permissions first, separately for each one.

sounds annoying :/ it might be better than nothing but a lot of apps use these and there is no way to tell if it's being abused.


4 minutes ago, vorticalbox said:

sounds annoying :/ it might be better than nothing but a lot of apps use these and there is no way to tell if it's being abused.

Well, this is the point where you have to make difficult choices. Which is more important: comfort or security? 9_9 Unfortunately, in this world you always have to balance between security, comfort, and usability. But if you think about it, none of the apps on our phones relays such an important message that if you don't read it a catastrophe can happen, so IMO it's not a big deal if they can't draw on top. As for accessibility, well, it's a tough one. The ones in need of this function will be in a tough spot; the only option is to only install apps from trusted developers.
