A Korean company, Kiniwini, has developed what is believed to be the largest malware campaign, illegally generating income by automating fake clicks on infected phones. At least 41 apps have since been removed from the Google Play Store, but for almost 37 million devices it could already be too late.
The adware, called “Judy”, was only found last week by security firm Check Point, even though it has been spread through apps available on Google Play since at least April 2016. The app, called “Chef Judy: Picnic Lunch Maker”, was only discovered because of an update, having until now completely evaded Bouncer, Google Play’s security. The apps themselves are real games, but behind the scenes they connect the infected device to the adware server. The server then replies with a string of code that imitates a PC browser, opening URLs and auto-clicking ads, all without the user’s consent or knowledge. It’s unclear exactly how many other apps were spreading the malware undetected within the Google Play Store.
Aside from using the device’s connection to generate revenue via fraudulent clicks, the malware also displays a huge amount of advertising which, frustratingly, forces users to exit by clicking on the ads themselves.
Since Google was notified by Check Point, all contaminated apps have been removed from Google Play. Users are advised to refer to Check Point to see which apps are dangerous and should be removed.
Android security and safety is a key priority for alternative app stores like Aptoide, which continually screen against this type of adware and malware. For a social app discovery platform, keeping devices safe from malicious code is absolutely critical. Our anti-malware, Aptoide Sentinel, is constantly scanning and filtering every bit of content on the Aptoide store, and our developers are always upgrading this security system to maintain the Aptoide Trusted Security Badge. There are five layers to the rigorous security check on every app in the Aptoide store, including a malware engine at the final stage to analyse app behaviour. As CEO Paulo Trezentos advises, "next time you use Aptoide check for the Trusted Stamp, it means it's 100% safe".
All Kiniwini apps, registered on Google Play as Enistudio, have been removed and are no longer available for download, but industry leaders are concerned because the malicious code has also been found in additional apps built by other developers. It is still unknown whether this code was purposely shared or accidentally borrowed between developers.
So, what can you do to be absolutely sure your phone has not been infected with the Judy malware? Firstly, you are highly advised to review the list of infected apps reported by security firm Check Point. The only other thing you can do for total peace of mind is to reformat your device and totally reset it back to its original factory settings.