Android is used by 328 million users worldwide, and the operating system has dominated the smartphone market. By the third quarter of 2016, Android covered 88% of the smartphone market.
Because the platform is so popular, developers have shown huge interest in building applications for it. As a result, the Google Play Store now holds 2.8 million Android applications, making it the biggest application store. The Apple App Store stands second, with 2.2 million applications for iOS users.
The number of Android applications has grown much faster in the last 4 years: around 1.8 million apps arrived after 2013.
Judy Malware: Auto-Clicking Adware
The Google Play Store's 2.8 million apps are regularly scanned for malware. Recently, researchers at Check Point found 41 Android apps infected with Judy, an auto-clicking adware.
“The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads.” says Check Point’s Mobile Research Team.
The apps were developed by a Korean company and had been available on the Play Store for a very long time. It is not yet clear whether the malware already existed in the apps or was delivered as an update; however, it is clear that the malware resided in the Play Store for a long time.
The researchers also found more apps, developed by other developers, infected with the same malware.
“These apps also had a lot of downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users. Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on the communication with its Command and Control server (C&C) for its operation,” said the Check Point Mobile Research Team in their blog post.
The purpose of the Judy malware is to launch browser applications, load a URL, and use JavaScript to detect ad campaigns and click on them, which brings profit to the owner.
Here is the list of applications:
Package name | App name | Date | Min | Max |
air.com.eni.FashionJudy061 | Fashion Judy: Snow Queen style | 24.3.17 | 100,000 | 500,000 |
air.com.eni.AnimalJudy013 | Animal Judy: Persian cat care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy056 | Fashion Judy: Pretty rapper | 24.3.17 | 50,000 | 100,000 |
air.com.eni.FashionJudy057 | Fashion Judy: Teacher style | 24.3.17 | 50,000 | 100,000 |
air.com.eni.AnimalJudy009 | Animal Judy: Dragon care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.ChefJudy058 | Chef Judy: Halloween Cookies | 10.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy074 | Fashion Judy: Wedding Party | 7.4.17 | 50,000 | 100,000 |
air.com.eni.AnimalJudy036 | Animal Judy: Teddy Bear care | 16.4.17 | 5,000 | 10,000 |
air.com.eni.FashionJudy062 | Fashion Judy: Bunny Girl Style | 24.3.17 | 50,000 | 100,000 |
air.com.eni.FashionJudy009 | Fashion Judy: Frozen Princess | 7.4.17 | 50,000 | 100,000 |
air.com.eni.ChefJudy055 | Chef Judy: Triangular Kimbap | 10.4.17 | 50,000 | 100,000 |
air.com.eni.ChefJudy062 | Chef Judy: Udong Maker – Cook | 10.4.17 | 10,000 | 50,000 |
air.com.eni.FashionJudy067 | Fashion Judy: Uniform style | 24.3.17 | 10,000 | 50,000 |
air.com.eni.AnimalJudy006 | Animal Judy: Rabbit care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy052 | Fashion Judy: Vampire style | 24.3.17 | 100,000 | 500,000 |
air.com.eni.AnimalJudy033 | Animal Judy: Nine-Tailed Fox | 18.4.17 | 100,000 | 500,000 |
air.com.eni.ChefJudy059 | Chef Judy: Jelly Maker – Cook | 10.4.17 | 50,000 | 100,000 |
air.com.eni.ChefJudy056 | Chef Judy: Chicken Maker | 10.4.17 | 50,000 | 100,000 |
air.com.eni.AnimalJudy018 | Animal Judy: Sea otter care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.AnimalJudy035 | Animal Judy: Elephant care | 16.4.17 | 5,000 | 10,000 |
air.com.eni.JudyHappyHouse | Judy’s Happy House | 10.4.17 | 100,000 | 500,000 |
air.com.eni.ChefJudy036 | Chef Judy: Hotdog Maker – Cook | 29.3.17 | 50,000 | 100,000 |
air.com.eni.ChefJudy063 | Chef Judy: Birthday Food Maker | 10.4.17 | 50,000 | 100,000 |
air.com.eni.FashionJudy051 | Fashion Judy: Wedding day | 20.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy058 | Fashion Judy: Waitress style | 24.3.17 | 10,000 | 50,000 |
air.com.eni.ChefJudy057 | Chef Judy: Character Lunch | 10.4.17 | 100,000 | 500,000 |
air.com.eni.ChefJudy030 | Chef Judy: Picnic Lunch Maker | 10.4.17 | 500,000 | 1,000,000 |
air.com.eni.AnimalJudy005 | Animal Judy: Rudolph care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.JudyHospitalBaby | Judy’s Hospital:pediatrics | 10.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy068 | Fashion Judy: Country style | 24.3.17 | 10,000 | 50,000 |
air.com.eni.AnimalJudy034 | Animal Judy: Feral Cat care | 16.4.17 | 10,000 | 50,000 |
air.com.eni.FashionJudy076 | Fashion Judy: Twice Style | 20.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy072 | Fashion Judy: Myth Style | 20.4.17 | 50,000 | 100,000 |
air.com.eni.AnimalJudy022 | Animal Judy: Fennec Fox care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.AnimalJudy002 | Animal Judy: Dog care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy049 | Fashion Judy: Couple Style | 24.3.17 | 100,000 | 500,000 |
air.com.eni.AnimalJudy001 | Animal Judy: Cat care | 14.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy053 | Fashion Judy: Halloween style | 7.4.17 | 100,000 | 500,000 |
air.com.eni.FashionJudy075 | Fashion Judy: EXO Style | 7.4.17 | 50,000 | 100,000 |
air.com.eni.ChefJudy038 | Chef Judy: Dalgona Maker | 28.3.17 | 100,000 | 500,000 |
air.com.eni.ChefJudy064 | Chef Judy: ServiceStation Food | 10.4.17 | 10,000 | 50,000 |
air.eni.JudySpaSalon | Judy’s Spa Salon | 10.4.17 | 1,000,000 | 5,000,000 |
Total | | | 4,620,000 | 18,420,000 |
List of apps developed by other developers:
Package name | App name | Date | Min | Max | Developer |
com.CoupleDday | 커플디데이 (커플기념일, 위젯) | 2-Apr-17 | 100,000 | 500,000 | Neoroid |
com.DogSound | Dog Music (Relax) | 29-Jun-16 | 10,000 | 50,000 | Neoroid |
com.kakaotalkchatanalyst.ks | 카카오톡 대화분석기 | 25-Feb-16 | 1,000,000 | 5,000,000 | DeepEnjoy |
com.PeriodCalendar | 황금기 알리미 (여성달력) | 20-Apr-16 | 100,000 | 500,000 | Neoroid |
com.MoneyBook | 100억 가계부 | 2-Apr-17 | 100,000 | 500,000 | 그린 스튜디오 |
com.lee.katocpic | KatocPic(카톡픽) – 카톡프로필 | 23-Aug-16 | 5,000 | 10,000 | Wontime |
com.appnapps.app77 | 필수추천 무료어플 77 | 5-Feb-17 | 1,000,000 | 5,000,000 | App&Apps |
com.sundaybugs.spring.free | Spring-It’s stylish, it’s sexy | 30-Sep-16 | 1,000,000 | 5,000,000 | Sundaybugs |
com.lx5475.craftingbox2 | Crafting Guide for Minecraft | 4-May-17 | 500,000 | 1,000,000 | JIZARD |
Total | | | 4,215,000 | 18,060,000 | |
The Check Point Mobile Research Team has already reported the applications to Google, and as a result Google removed them from the Play Store.
Google’s new service uses machine learning to check the behavior of an application; if any activity is found suspicious, it will remove the application from the phone, which is likely to make smartphones safer than they are now.
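To check a device against the package names listed above, the following added example (not from Check Point or the original article) parses the pipe-delimited table rows and reports which listed packages appear in `adb shell pm list packages` output. The embedded table is an excerpt of rows from this page, the device output is constructed, and the function names are hypothetical.

```python
import re

# Excerpt of rows copied from the tables on this page (not the full list).
IOC_TABLE = """\
Package name | App name | Date | Min | Max |
air.com.eni.FashionJudy061 | Fashion Judy: Snow Queen style | 24.3.17 | 100,000 | 500,000 |
air.com.eni.ChefJudy030 | Chef Judy: Picnic Lunch Maker | 10.4.17 | 500000 | 1000000 |
air.eni.JudySpaSalon | Judy’s Spa Salon | 10.4.17 | 1,000,000 | 5,000,000 |
Total | 4,620,000 | 18,420,000 |
com.DogSound | Dog Music (Relax) | 29-Jun-16 | 10,000 | 50,000 | Neoroid |
"""

# Constructed device inventory: plain and `-f` (path=package) output forms.
PM_OUTPUT = """\
package:com.android.chrome
package:air.eni.JudySpaSalon
package:/data/app/~~Qx1==/com.DogSound-9a==/base.apk=com.DogSound
package:air.com.eni.fashionjudy061.lookalike
"""

# A dotted identifier in the first cell marks a data row.
PKG_RE = re.compile(r"^[A-Za-z]\w*(\.[A-Za-z_]\w*)+$")

def parse_ioc_table(text):
    """Map package name -> (app name, max download count)."""
    iocs = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 5 or not PKG_RE.match(cells[0]):
            continue  # header rows, "Total" rows, blank lines
        iocs[cells[0]] = (cells[1], int(cells[4].replace(",", "")))
    return iocs

def installed_packages(pm_output):
    """Yield package names from `pm list packages` output lines."""
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            # With -f the line is package:<apk path>=<name>; keep the name.
            yield line[len("package:"):].rsplit("=", 1)[-1]

def find_listed_apps(pm_output, iocs):
    """Exact, case-sensitive match: lookalike names are not reported."""
    return sorted(p for p in installed_packages(pm_output) if p in iocs)

if __name__ == "__main__":
    table = parse_ioc_table(IOC_TABLE)
    for pkg in find_listed_apps(PM_OUTPUT, table):
        print(pkg, "|", table[pkg][0])
```

For a real check, paste the complete tables into `IOC_TABLE` and feed the function the saved output of `adb shell pm list packages` from each device.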
Ztorg Trojan: Gives you 5 cents to infect yourself
People have become obsessed with earning money from the internet and try several things: some become bloggers, vloggers or photographers, and some end up installing applications.
Yes, installing applications. Ever seen an ad campaign saying you can earn from home using your Android device, just by installing applications?
John Snow, a security blogger at Kaspersky, explains how this mechanism works. In his blog post he says that Google Play hosts many applications that act as app exchanges. After downloading such an app, you see a list of apps inside it, and you get paid for downloading them. All you need to do is download a listed application, keep it open for a couple of minutes, and get paid.
You can spot such applications just by looking at their reviews.
“Such app exchanges may urge you to download malware, in particular, the infamous Ztorg Trojan.” says John in his blog post.
What is Ztorg?
Once installed on your phone, the Ztorg Trojan collects information about the device and sends it to its command-and-control (C&C) server. The server responds with files that enable the malware to gain root access to the device, after which the malware developer can do whatever he wants. Ztorg carries out all of its activity silently, so the victim does not notice it.
Ztorg also spreads through ads: if you click on an ad banner, then download and install the app it promotes, you will get infected.
What should you do?
Make sure that you always download applications from trusted developers, not from third-party ones.
Having a good antivirus program on your smartphone is a plus for your security.