Android Malware And The Way You Are Infecting Yourself

adroid malwares

Android is used by 328 million users worldwide, the operating system has dominated the smartphone market. Android, by 3rd quarter of 2016 covered 88% of the smartphone market.

Being so popular, the developers showed huge interest in building applications for the platform, in a result of which, the android play store (google play store) now hold 2.8 million of Android application, being the biggest application store, in second stands the Apple App Store consisting of 2.2 million applications for IOS users.

The number of Android applications increased much faster in the last 4 years, which is around 1.8 million apps came after the year 2013.

Judy Malware: Auto-Clicking Adware

Android play store consists of 2.8 million apps and are being regularly scanned for malware in them, recently The researchers at Check Point found 41 Android apps infected with Judy Malware which is an auto-clicking adware.


“The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads.” says Check Point’s Mobile Research Team.


The apps were developed by a Korean Company and were available on the play store from a very long time, It is not yet clear that whether the malware already existed or was given as an update, however, it is clear that the malware was residing in play store for a pretty long time.

They also found some more apps infected by the same malware developed by other developers.

These apps also had a lot of downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users. Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on the communication with its Command and Control server (C&C) for its operation.” said the CPMRT in their blog post.

The purpose of the Judy malware is to launch browser applications, load an URL and using javascript detect the ad campaigns and click on them, which in result brings profit to the owner.

Here is the list of applications:


Package nameApp nameDateMinMax Judy: Snow Queen style24.3.17100,000500,000 Judy: Persian cat care14.4.17100,000500,000 Judy: Pretty rapper24.3.1750,000100,000 Judy: Teacher style24.3.1750,000100,000 Judy: Dragon care14.4.17100,000500,000 Judy: Halloween Cookies10.4.17100,000500,000 Judy: Wedding Party7.4.1750,000100,000 Judy: Teddy Bear care16.4.175,00010,000 Judy: Bunny Girl Style24.3.1750,000100,000 Judy: Frozen Princess7.4.1750,000100,000 Judy: Triangular Kimbap10.4.1750,000100,000 Judy: Udong Maker – Cook10.4.1710,00050,000 Judy: Uniform style24.3.1710,00050,000 Judy: Rabbit care14.4.17100,000500,000 Judy: Vampire style24.3.17100,000500,000 Judy: Nine-Tailed Fox18.4.17100,000500,000 Judy: Jelly Maker – Cook10.4.1750,000100,000 Judy: Chicken Maker10.4.1750,000100,000 Judy: Sea otter care14.4.17100,000500,000 Judy: Elephant care16.4.175,00010,000’s Happy House10.4.17100,000500,000 Judy: Hotdog Maker – Cook29.3.1750,000100,000 Judy: Birthday Food Maker10.4.1750,000100,000 Judy: Wedding day20.4.17100,000500,000 Judy: Waitress style24.3.1710,00050,000 Judy: Character Lunch10.4.17100,000500,000 Judy: Picnic Lunch Maker10.4.175000001000000 Judy: Rudolph care14.4.17100,000500,000’s Hospital:pediatrics10.4.17100,000500,000 Judy: Country style24.3.1710,00050,000 Judy: Feral Cat care16.4.1710,00050,000 Judy: Twice Style20.4.17100,000500,000 Judy: Myth Style20.4.1750,000100,000 Judy: Fennec Fox care14.4.17100,000500,000 Judy: Dog care14.4.17100,000500,000 Judy: Couple Style24.3.17100,000500,000 Judy: Cat care14.4.17100,000500,000 Judy: Halloween style7.4.17100,000500,000 Judy: EXO Style7.4.1750,000100,000 Judy: Dalgona Maker28.3.17100,000500,000 Judy: ServiceStation Food10.4.171000050000
air.eni.JudySpaSalonJudy’s Spa Salon10.4.171,000,0005,000,000
Total  4,620,00018,420,000


List of apps Developed by other developers.

Package nameApp nameDateMinMaxDeveloper
com.CoupleDday커플디데이 (커플기념일, 위젯)2-Apr-17100,000500,000Neoroid
com.DogSoundDog Music (Relax)29-Jun-1610,00050,000Neoroid
com.kakaotalkchatanalyst.ks카카오톡 대화분석기25-Feb-161,000,0005,000,000DeepEnjoy
com.PeriodCalendar황금기 알리미 (여성달력)20-Apr-16100,000500,000Neoroid
com.MoneyBook100억 가계부2-Apr-17100,000500,000그린 스튜디오
com.lee.katocpicKatocPic(카톡픽) – 카톡프로필23-Aug-165,00010,000Wontime
com.appnapps.app77필수추천 무료어플 775-Feb-171,000,0005,000,000App&Apps
com.sundaybugs.spring.freeSpring-It’s stylish, it’s sexy30-Sep-161,000,0005,000,000Sundaybugs
com.lx5475.craftingbox2Crafting Guide for Minecraft4-May-17500,0001,000,000JIZARD
Total  4,215,00018,060,000


The Check Point Mobile Research Team has already reported to Google about the application in the result of which Google removed the applications from the play store.

Google’s new service is using machine learning to check the behavior of an application, if any activity is found suspicious then it will remove the application from the phone, by which smartphones are more likely to become safer than now.

ZTorg Trozan: Gives you 5 cents to infect yourself

People have become crazy thinking about how to earn money from the internet, people do several things, some become bloggers, vloggers, photographers and some end up installing applications.

Yes, installing an application, ever seen an ad campaign saying earn from home using your Android device, just install applications and earn money.

A security blogger at Kaspersky named John Snow explains how this mechanism works, He explains in his blog post saying that in google play there are much application which acts as an app exchanger, after downloading such apps you see a list of apps in them, which if you download you will get paid. All you need to do is download and open the listed application for a couple of mins and get paid.

You can find such applications just by having a look at reviews of the apps.

ztorg android malware

“Such app exchanges may urge you to download malware, in particular, the infamous Ztorg Trojan.” says John in his blog post.

What is Ztorg?

Ztorg Trojan once installed on your phone, it collects information of your phone and sends it to its command-and-control (C&C) server. The server responds with the files which are used to enable the malware to gain root access to the device. After which the malware developer can do whatever he wants. Ztorg does every activity anonymously so that the victim is not able to notice it.

Ztorg also spreads when you click on ads. When you click on an ad banner and download the app and install it, you will get infected.

What should you do?

You should make sure that you always download the application from trusted developers, not from any third party ones.

Having a good antivirus program in your smartphone is a plus to your security.


If you have any doubts or questions feel free to leave us a comment below.