Judy: Things you need to know about the newest malware affecting millions of Android devices

Although the apps that carried the Judy malware onto Android devices have been removed from the Google Play Store, they are still available in the iOS store.

Google has been trying to secure its official store, Google Play, to protect Android devices from malware attacks. The company recently removed almost 40 apps from the store that were found to be operating as malware.

Google Bouncer, which Google devised to keep malware at bay, is also failing to do its job, with various malicious apps making their way into the Play Store easily. Most of the 40 apps that were removed from Google Play a few days ago were made by the Korean developer Kiniwini under ENISTUDIO Corp.

The company has come back with another Android-based malware named "Judy". The name comes from the app it is associated with, "Chef Judy". Earlier reports estimated that a total of 36.5 million Android devices were victims of the 40 malicious apps that Google removed; with the new malware, the exposure of Android devices increases. Check Point, the research and security firm, was the first to spot Judy.


While Google has been able to remove most of the malware, the fact that new malware keeps appearing and bypassing the Bouncer security feature is something to be worried about. Like most of the malware removed earlier, Judy makes its app generate clicks on ads, most of them fraudulent, which increases revenue for the developers.

Moreover, what is frightening is that these apps have been around for a couple of years, with the latest updated versions surfacing recently. Describing how Judy works, Check Point noted, "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure."
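As an added example (not from this article or from Check Point), here is one way a defender could look in web proxy logs for the traffic pattern the quote describes: a device known to be Android that presents a desktop user agent, receives a redirect, and then requests an ad host. The log format, the device inventory, the IP addresses and the `example.test` hostnames are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed proxy log: timestamp client_ip status host path "user-agent"
DESKTOP = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/58.0 Safari/537.36"
MOBILE = "Mozilla/5.0 (Linux; Android 7.0; Pixel) AppleWebKit/537.36 Chrome/58.0 Mobile Safari/537.36"
SAMPLE_LOG = f"""\
2017-05-29T10:00:01 10.0.0.21 302 landing.example.test /go?id=1 "{DESKTOP}"
2017-05-29T10:00:02 10.0.0.21 200 ads.example.test /click?banner=7 "{DESKTOP}"
2017-05-29T10:00:05 10.0.0.22 200 news.example.test /index.html "{MOBILE}"
2017-05-29T10:00:07 10.0.0.30 302 landing.example.test /go?id=2 "{DESKTOP}"
2017-05-29T10:00:08 10.0.0.30 200 ads.example.test /click?banner=9 "{DESKTOP}"
"""

ANDROID_CLIENTS = {"10.0.0.21", "10.0.0.22"}  # assumed inventory (e.g. from MDM/DHCP)
AD_HOSTS = {"ads.example.test"}               # placeholder for the ad hosts you track
DESKTOP_UA = re.compile(r"Windows NT|Macintosh|X11; Linux")
LINE = re.compile(r'^(\S+) (\S+) (\d{3}) (\S+) (\S+) "([^"]*)"$')


def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, ip, status, host, path, ua = m.groups()
            yield {"ts": ts, "ip": ip, "status": int(status),
                   "host": host, "path": path, "ua": ua}


def find_suspects(log, android_clients=ANDROID_CLIENTS, ad_hosts=AD_HOSTS):
    """Return {ip: [ad-host requests]} for Android devices that, while
    presenting a desktop user agent, were redirected and then hit an ad host."""
    redirected = set()
    hits = defaultdict(list)
    for ev in parse(log):
        # Only a UA/device mismatch is interesting: known Android, desktop UA.
        if ev["ip"] not in android_clients or not DESKTOP_UA.search(ev["ua"]):
            continue
        if 300 <= ev["status"] < 400:
            redirected.add(ev["ip"])
        elif ev["host"] in ad_hosts and ev["ip"] in redirected:
            hits[ev["ip"]].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_suspects(SAMPLE_LOG).items():
        print(ip, [e["host"] + e["path"] for e in events])
```

A match is a lead for triage rather than proof of infection, since a user can legitimately enable a browser's "desktop site" mode on a phone.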


Although Google has removed the apps that carried this malware onto Android devices from the Play Store, they are still part of the iOS store: around 45 of these malware-inducing apps are in the iTunes App Store, all developed by ENISTUDIO Corp.