As the world was still recovering from the "WannaCrypt" ransomware attack, a malware called "Judy" hit over 36.5 million Android-based phones, making its way through Google Play Store.
According to cyber security firm Check Point, dozens of malicious apps have been downloaded between 4.5 million to 18.5 million times. Some of the malware-affected apps have been discovered residing on Google Play for several years.
"Judy" is one such case of how an open and free mobile operating system (OS) can be exploited by malicious app developers.
"The entire ecosystem of free mobile OS is built around generating advertising revenues, and the operating systems grants apps with certain privileges to display these ads," Amit Jaju, Executive Director, Fraud Investigation and Dispute Services, EY India, said in a statement.
According to Jaju, they noticed certain Indian apps with a potentially malicious code when displaying ads.
"Therefore, users should review all installed apps to have proper security settings and tools in place. One should avoid installing free apps and those from unknown sources," he suggested.
After the malware-affected apps were discovered by Check Point, Google removed them from the Play Store.
The malicious apps primarily included a series of casual cooking and fashion games under the "Judy" brand, a name borrowed for the malware itself.
"Judy" is an auto-clicking adware which was found on 41 apps developed by a Korean company that uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.
The nefarious nature of the programmes went unnoticed in large part because its malware payload was downloaded from a non-Google server after the programmes were installed.
The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker.
It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.
Previously, Android-based devices were hit by similar malwares like "FalseGuide" and "Skinner" that also infiltrated through Google Play.
--IANS
qd/na/bg
Disclaimer: No Business Standard Journalist was involved in creation of this content
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app