Story image

Malicious apps discovered on Google Play - some lurking for more than a year

30 May 17

Check Point, a security software company, has revealed that their researchers discovered another widespread malware campaign on the official Google app store, Google Play.

The malware, dubbed “Judy”, is an auto-clicking adware which was discovered on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, resulting in generated revenue for the companies behind the ads.

The malicious apps reached a whopping amount of downloads, between 4.5 million and 18.5 million. Some of the apps discovered had been residents on Google Play for several years, but had all been very recently updated. Because it is unknown how long the malicious code existed in the apps, the true spread of the malware can’t truly be known.

Also found were several apps containing the malware which had been developed by other developers on Google Play. At the moment the connection between the two campaigns remains unclear, but it is entirely possible that one borrowed code from the other either knowingly or not.

The oldest app of this second campaign was last updated in April 2016, meaning that the malicious code was hidden, undetected, on Google Play for more than a year.

These apps also had a large amount of downloads (between 4 and 18 million), meaning the total spread of the malware across both campaigns may have reached between 8.5 and 36.5 million users.

Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on the communication with its Command and Control server (C&C) for its operation. After Check Point notified Google about this threat, the apps were quickly removed from the Play store.

IDC: Smartphone shipments ready to stabilise in 2019
IDC expects year-over-year shipment growth of 2.6% in 2019, while the world's largest market is still forecast to be down 8.8% in 2018.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
New app conducts background checks on potential tenants
Landlords and house owners need to obtain a tenant’s full name, date of birth, email address, and mobile number in order to conduct the search. And most importantly, they have to get the tenant’s permission first.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”