Just when you thought that WannaCry would be the last of the big malware attacks to plague 2017, a new breed of nasty has appeared on the Google Play Store. And its name is Judy.
According to a report published by security company CheckPoint, Judy “is an auto-clicking adware which was found on 41 apps developed by a Korean company”.
No ad to show here.
The malware gets its name from the usual (and rather adorable) protagonist of the games fronting the malware. In one particular case, users can “create delicious food with Judy”.
When users click on these ads, the attackers rack up the Google advertising revenue.
Judy lurks within seemingly innocuous games and apps on infected Android devices
While that doesn’t sound too bad (after all, WannaCry locked users out of their devices altogether), it gets worse: due to the malware’s perceived age on the Play Store, around 36.5-million users who downloaded these apps could be at risk.
The security company is calling this one of the largest malware campaigns found on Google Play Store.
“It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown,” CheckPoint reveals.
Although the offending wares have since been removed from the Play Store itself, the malware is still out in the wild.
What makes this malware distressing for users is that Google itself couldn’t protect its users.
“Users cannot rely on the official app stores for their safety, and should implement advanced security protections capable of detecting and blocking zero-day mobile malware,” CheckPoint adds.