Google just located and removed 41 Android apps — all from a single developer — that secretly included malware in each download. The apps used infected Android phones to auto-click on ads, and the number of downloads makes this possibly the largest mobile ad fraud network Google has ever faced.
The malware apps saw between 4.5 million and 18.5 million downloads, as security company Check Point reports. Check Point was able to report the troublemaking apps, and Google has since removed them from their official app store, Google Play.
How It Works
Some of the apps had been around for years, but all were consistently updated, meaning that this malware campaign was a resounding success up until now. Here are the full details from the company that cracked the case:
“The malware, dubbed ‘Judy,’ is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. […]
We also found several apps containing the malware, which were developed by other developers on Google Play. The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly. The oldest app of the second campaign was last updated in April 2016, meaning that the malicious code hid for a long time on the Play store undetected. These apps also had a large amount of downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users. Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on the communication with its Command and Control server (C&C) for its operation. After Check Point notified Google about this threat, the apps were swiftly removed from the Play store.”
Avoiding Malware Apps
The only way to be sure you’re safe is to opt for downloading only the most well-established professional apps. And given some of Uber’s brushes with the Apple Store’s ethical standards that have recently come to light, maybe even the established apps aren’t safe.
A full list of the 41 malware apps involved in this incident is available over here, for those interested in finding out if their Android phone has been supporting ad scammers for the last few years. Hint: If ‘Judy’ is in the title of an app you downloaded, you’re in trouble.