Android Malware And The Way You Are Infecting Yourself

Android is used by 328 million users worldwide, the operating system has dominated the smartphone market. Android, by 3rd quarter of 2016 covered 88% of the smartphone market.

Being so popular, the developers showed huge interest in building applications for the platform, in a result of which, the android play store (google play store) now hold 2.8 million of Android application, being the biggest application store, in second stands the Apple App Store consisting of 2.2 million applications for IOS users.

The number of Android applications increased much faster in the last 4 years, which is around 1.8 million apps came after the year 2013.

Judy Malware: Auto-Clicking Adware

Android play store consists of 2.8 million apps and are being regularly scanned for malware in them, recently The researchers at Check Point found 41 Android apps infected with Judy Malware which is an auto-clicking adware.


“The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads.” says Check Point’s Mobile Research Team.


The apps were developed by a Korean Company and were available on the play store from a very long time, It is not yet clear that whether the malware already existed or was given as an update, however, it is clear that the malware was residing in play store for a pretty long time.

They also found some more apps infected by the same malware developed by other developers.

These apps also had a lot of downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users. Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on the communication with its Command and Control server (C&C) for its operation.” said the CPMRT in their blog post.

The purpose of the Judy malware is to launch browser applications, load an URL and using javascript detect the ad campaigns and click on them, which in result brings profit to the owner.

Here is the list of applications:


Package name App name Date Min Max Fashion Judy: Snow Queen style 24.3.17 100,000 500,000 Animal Judy: Persian cat care 14.4.17 100,000 500,000 Fashion Judy: Pretty rapper 24.3.17 50,000 100,000 Fashion Judy: Teacher style 24.3.17 50,000 100,000 Animal Judy: Dragon care 14.4.17 100,000 500,000 Chef Judy: Halloween Cookies 10.4.17 100,000 500,000 Fashion Judy: Wedding Party 7.4.17 50,000 100,000 Animal Judy: Teddy Bear care 16.4.17 5,000 10,000 Fashion Judy: Bunny Girl Style 24.3.17 50,000 100,000 Fashion Judy: Frozen Princess 7.4.17 50,000 100,000 Chef Judy: Triangular Kimbap 10.4.17 50,000 100,000 Chef Judy: Udong Maker – Cook 10.4.17 10,000 50,000 Fashion Judy: Uniform style 24.3.17 10,000 50,000 Animal Judy: Rabbit care 14.4.17 100,000 500,000 Fashion Judy: Vampire style 24.3.17 100,000 500,000 Animal Judy: Nine-Tailed Fox 18.4.17 100,000 500,000 Chef Judy: Jelly Maker – Cook 10.4.17 50,000 100,000 Chef Judy: Chicken Maker 10.4.17 50,000 100,000 Animal Judy: Sea otter care 14.4.17 100,000 500,000 Animal Judy: Elephant care 16.4.17 5,000 10,000 Judy’s Happy House 10.4.17 100,000 500,000 Chef Judy: Hotdog Maker – Cook 29.3.17 50,000 100,000 Chef Judy: Birthday Food Maker 10.4.17 50,000 100,000 Fashion Judy: Wedding day 20.4.17 100,000 500,000 Fashion Judy: Waitress style 24.3.17 10,000 50,000 Chef Judy: Character Lunch 10.4.17 100,000 500,000 Chef Judy: Picnic Lunch Maker 10.4.17 500000 1000000 Animal Judy: Rudolph care 14.4.17 100,000 500,000 Judy’s Hospital:pediatrics 10.4.17 100,000 500,000 Fashion Judy: Country style 24.3.17 10,000 50,000 Animal Judy: Feral Cat care 16.4.17 10,000 50,000 Fashion Judy: Twice Style 20.4.17 100,000 500,000 Fashion Judy: Myth Style 20.4.17 50,000 100,000 Animal Judy: Fennec Fox care 14.4.17 100,000 500,000 Animal Judy: Dog care 14.4.17 100,000 500,000 Fashion Judy: Couple Style 24.3.17 100,000 500,000 Animal Judy: Cat care 14.4.17 100,000 500,000 Fashion Judy: Halloween style 7.4.17 100,000 500,000 Fashion Judy: EXO Style 7.4.17 50,000 100,000 Chef Judy: Dalgona Maker 28.3.17 100,000 500,000 Chef Judy: ServiceStation Food 10.4.17 10000 50000
air.eni.JudySpaSalon Judy’s Spa Salon 10.4.17 1,000,000 5,000,000
Total     4,620,000 18,420,000


List of apps Developed by other developers.

Package name App name Date Min Max Developer
com.CoupleDday 커플디데이 (커플기념일, 위젯) 2-Apr-17 100,000 500,000 Neoroid
com.DogSound Dog Music (Relax) 29-Jun-16 10,000 50,000 Neoroid
com.kakaotalkchatanalyst.ks 카카오톡 대화분석기 25-Feb-16 1,000,000 5,000,000 DeepEnjoy
com.PeriodCalendar 황금기 알리미 (여성달력) 20-Apr-16 100,000 500,000 Neoroid
com.MoneyBook 100억 가계부 2-Apr-17 100,000 500,000 그린 스튜디오
com.lee.katocpic KatocPic(카톡픽) – 카톡프로필 23-Aug-16 5,000 10,000 Wontime
com.appnapps.app77 필수추천 무료어플 77 5-Feb-17 1,000,000 5,000,000 App&Apps Spring-It’s stylish, it’s sexy 30-Sep-16 1,000,000 5,000,000 Sundaybugs
com.lx5475.craftingbox2 Crafting Guide for Minecraft 4-May-17 500,000 1,000,000 JIZARD
Total     4,215,000 18,060,000


The Check Point Mobile Research Team has already reported to Google about the application in the result of which Google removed the applications from the play store.

Google’s new service is using machine learning to check the behavior of an application, if any activity is found suspicious then it will remove the application from the phone, by which smartphones are more likely to become safer than now.

ZTorg Trozan: Gives you 5 cents to infect yourself

People have become crazy thinking about how to earn money from the internet, people do several things, some become bloggers, vloggers, photographers and some end up installing applications.

Yes, installing an application, ever seen an ad campaign saying earn from home using your Android device, just install applications and earn money.

A security blogger at Kaspersky named John Snow explains how this mechanism works, He explains in his blog post saying that in google play there are much application which acts as an app exchanger, after downloading such apps you see a list of apps in them, which if you download you will get paid. All you need to do is download and open the listed application for a couple of mins and get paid.

You can find such applications just by having a look at reviews of the apps.


“Such app exchanges may urge you to download malware, in particular, the infamous Ztorg Trojan.” says John in his blog post.

What is Ztorg?

Ztorg Trojan once installed on your phone, it collects information of your phone and sends it to its command-and-control (C&C) server. The server responds with the files which are used to enable the malware to gain root access to the device. After which the malware developer can do whatever he wants. Ztorg does every activity anonymously so that the victim is not able to notice it.

Ztorg also spreads when you click on ads. When you click on an ad banner and download the app and install it, you will get infected.

What should you do?

You should make sure that you always download the application from trusted developers, not from any third party ones.

Having a good antivirus program in your smartphone is a plus to your security.


If you have any doubts or questions feel free to leave us a comment below.