Malware News Android malware ‘Judy’ hits about 36.5M Phones

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
The security firm Checkpoint on Thursday uncovered dozens of Android applications that infected users’ devices with malicious ad-click software. In at least one case, an app bearing the malware was available through the Google Play app store for more than a year.
fashion-judy-pretty-rapper-style-android-malware.png
Fashion Judy: Pretty Rapper Style is one of dozens of Android apps found to infect mobile devices with malware.

The malicious apps primarily included a series of casual cooking and fashion games under the “Judy” brand, a name borrowed for the malware itself. The nefarious nature of the programs went unnoticed in large part, according to Checkpoint, because its malware payload was downloaded from a non-Google server after the programs were installed. The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker.

The infection may have spread even more widely than Checkpoint’s estimates, since not all of the extensive line of “Judy” apps are included on Checkpoint’s tally – it’s missing Fashion Judy: Magic Girl Style and Fashion Judy: Masquerade Style, among others. All installments of the series do appear to have been pulled from Google Play.
The “Judy” apps were published by an apparently Korean entity known as ENISTUDIO. However, iterations of the same attack were found on a handful of apps from other publishers.

This is not the first instance of a malwareinfestation making it through the screening process on Google Play, nor is it the most damaging – Checkpoint did not find any evidence, for instance, that “Judy” compromised data on infected phones. That Judy was able to hide on Google Play for so long highlights the tradeoffs of Android operating system, which is often seen as more open but less secure than Apple’s iOS.
 
Last edited:

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Being a non perverted grown man, I have no business playing games of this nature.
That being said, I view my LG device as a Phone, I have very few apps installed, a couple for work, and weather
and that's about it. I may root only long enough to remove the junk apps, and even then I un-root afterwords.
I guess I am just a little old school in that reguard, I see my phone as "a phone" and my PC is for fraggin it up :p
Cool share Parsh.
PS: oops I forgot to add, I use AdGuard mobile :)
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Being a non perverted grown man, I have no business playing games of this nature.
That being said, I view my LG device as a Phone, I have very few apps installed, a couple for work, and weather
and that's about it. I may root only long enough to remove the junk apps, and even then I un-root afterwords.
I guess I am just a little old school in that reguard, I see my phone as "a phone" and my PC is for fraggin it up :p
Cool share Parsh.
PS: oops I forgot to add, I use AdGuard mobile :)
Haha, A big picture got copied here on my phone, from the news source.
Purposeful rooting and then unrooting likse you mentioned is exactly what I've been doing till now ;)
I tried AdClear earlier but the exaggerated descriptions on their site and it being non-Play Store app led me to not trust it fully.
Currently using Adguard only.
Screenshot (500).png
 

Cohen

Level 7
Verified
Well-known
May 22, 2016
328
Stuff like this is why I use AFWall for blocking internet-access on all apps unless I allow them access and Adaway for blocking ads system-wide using the hosts file. The rest of my family (the ones who will let me do it at least :p) use Adguard because it's less risky and easier for them to use; I can put it on their phones, set it up right and not have to worry about it.
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
Mobile AV's are good for scanning apps, and for webfilters for your mobile browser. As for scanning the mobile system, they are pretty useless as they can only scan so far into the system due to system restrictions.

If you are not sampling every app in Google Play Store, and vet the ones you do want carefully before downloading you will be just fine in that sense, using the mobile browser, well, that is a different case.

As mentioned, Norton has a great app scanner which will scan the app before you download it, telling you if the app uses high data, or is a battery hog, or if it sends your data off to third party. That said, it can be buggy, and will nag you to install other Norton products even if you have the paid version.

I personally like Eset mobile after testing many, it's light, the UI is very responsive, and it has the best SMS/call filter I have seen yet in the play store, as well as a security audit and security report and does not nag me to install anything else and is average on background resource consumption.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Mobile AV's are good for scanning apps, and for webfilters for your mobile browser. As for scanning the mobile system, they are pretty useless as they can only scan so far into the system due to system restrictions.

If you are not sampling every app in Google Play Store, and vet the ones you do want carefully before downloading you will be just fine in that sense, using the mobile browser, well, that is a different case.

As mentioned, Norton has a great app scanner which will scan the app before you download it, telling you if the app uses high data, or is a battery hog, or if it sends your data off to third party. That said, it can be buggy, and will nag you to install other Norton products even if you have the paid version.

I personally like Eset mobile after testing many, it's light, the UI is very responsive, and it has the best SMS/call filter I have seen yet in the play store, as well as a security audit and security report and does not nag me to install anything else and is average on background resource consumption.
ESET bugged out on me on my phone too many times.

Norton hasn't nagged me once about stuff like that.. Norton just has so many more features compared to all the other security suites on mobile. It can protect almost every browser too, not just Chrome.

Adaway rooted + Ublock origin added to Firefox and i'm golden. (yes, you can add extensions to Firefox on android, i was shocked too, works perfectly fine too.)
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
ESET bugged out on me on my phone too many times.

Norton hasn't nagged me once about stuff like that.. Norton just has so many more features compared to all the other security suites on mobile. It can protect almost every browser too, not just Chrome.

Adaway rooted + Ublock origin added to Firefox and i'm golden. (yes, you can add extensions to Firefox on android, i was shocked too, works perfectly fine too.)
Norton has not nagged you to install it's app lock application or Wi-Fi privacy ect, if it has not, it is because you have these apps, or you just switched. I used these apps for months, and even tried to get Norton to adjust issues with them, but after some time I gave up, because that huge fortune 500 company does not care about it customers, it is evident in their support forum.

As for Eset, I have not had one issue with it, it sits in the background silently.
 
Last edited:

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
969
I use disconnect pro for Samsung which uses samsung knox technology (firewall) to block ads & trackers universally. It's not a vpn so it does not cause battery drain or other issues. it's available on galaxy apps for free once in a while, otherwise it's quite expensive.
..At least the damage caused by Judy is not a big deal..
 
  • Like
Reactions: Parsh

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
969
Being a non perverted grown man, I have no business playing games of this nature.
That being said, I view my LG device as a Phone, I have very few apps installed, a couple for work, and weather
and that's about it. I may root only long enough to remove the junk apps, and even then I un-root afterwords.
I guess I am just a little old school in that reguard, I see my phone as "a phone" and my PC is for fraggin it up :p
Cool share Parsh.
PS: oops I forgot to add, I use AdGuard mobile :)
That's a mature attitude, bravo! I think it's good for all of us to prioritize basic reliability for our devices no matter what that means (buying reliable devices, watch out for malicious-bad apps & install only what's needed; the phone is not a playground)
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Norton has not nagged you to install it's app lock application or Wi-Fi privacy ect, if it has not, it is because you have these apps, or you just switched. I used these apps for months, and even tried to get Norton to adjust issues with them, but after some time I gave up, because that huge fortune 500 company does not care about it customers, it is evident in their support forum.

As for Eset, I have not had one issue with it, it sits in the background silently.
ESET's anti-theft modules are bugged as hell, once i replaced my SIM card and couldn't unlock ESET cause the non-default keyboard didn't pop up(ESET blocked it), had to wipe it off from recovery mode to gain access to it. It also randomly crashed a few times.

I plan to buy Norton anyways, if it will start nagging me about their other products, i will get back to you, so far it hasn't.
 
  • Like
Reactions: S3cur1ty 3nthu5145t

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
ESET's anti-theft modules are bugged as hell, once i replaced my SIM card and couldn't unlock ESET cause the non-default keyboard didn't pop up(ESET blocked it), had to wipe it off from recovery mode to gain access to it. It also randomly crashed a few times.

I plan to buy Norton anyways, if it will start nagging me about their other products, i will get back to you, so far it hasn't.
Restarting the phone or using your buddies number that during set up is asked for as a last effort to verify yourself did not unlock it?

I have a friend using Eset also , he has my number listed for this, locked himself out, and could not get back in, we had them verify on my end, and it was unlocked, worked as it should.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Restarting the phone or using your buddies number that during set up is asked for as a last effort to verify yourself did not unlock it?

I have a friend using Eset also , he has my number listed for this, locked himself out, and could not get back in, we had them verify on my end, and it was unlocked, worked as it should.
wasn't in my mind that time.
 

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
Being a non perverted grown man, I have no business playing games of this nature.
That being said, I view my LG device as a Phone, I have very few apps installed, a couple for work, and weather
and that's about it. I may root only long enough to remove the junk apps, and even then I un-root afterwords.
I guess I am just a little old school in that reguard, I see my phone as "a phone" and my PC is for fraggin it up :p
Cool share Parsh.
PS: oops I forgot to add, I use AdGuard mobile :)


methinks the man doth protest too much, lol.
 

hirudora56

Level 1
Verified
May 16, 2017
25
Generally my phone has some social apps, some work related apps like an office suite, onedrive & a few custom apps. Other than that I use AdAway with custom host list. I rarely see any ads in apps, even in notorious apps like Clean master. (Don;t use it though)
 
  • Like
Reactions: Parsh

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top