
Judy Malware

Posted: April 16, 2019

The Judy malware is an ad-clicker Trojan that generates unseen, fake ad traffic and also displays intrusive advertisements to users automatically. This threat propagates through Google Play applications, including ones with high ratings. Users should double-check for the presence of any software associated with this threat and, if appropriate, remove the Judy malware with a qualified anti-malware program.

The Judy Malware is Baking an Ad Cake

While Google does monitor its store for security issues, it isn't always successful at weeding out threats, both applications that are updated into behaving harmfully and ones that are toxic as soon as they're uploaded. Examples of failures to guard users against these threatening applications are numerous, including the Anubis Trojan, Chamois, the Exodus Malware, and, perhaps the most profitable, the Judy malware. While Google has taken down all of the in-store links to known Judy malware applications, it's too late for at least four million and up to eighteen million victims.

The Judy malware is tightly associated with applications from a Korean company, ENISTUDIO Corp., with such games as 'Chef Judy' and 'Animal Judy.' However, malware analysts also confirm installers in applications by other developers, such as Neoroid. Some of these threatening applications were updated recently, which may imply that the threat actor compromised the programs recently, although others have kept the Judy malware's code hidden for years. In all cases, the only threatening function in the application itself is retrieving the corrupted JavaScript and other content that triggers the rest of the Judy malware's payload.

With its primary payload active, the Judy malware has two features, one of which affects the user directly, the other of which remains hidden:

  • The Judy malware runs an invisible user-agent routine that tricks Web developers into believing that humans are viewing their advertisements. This traffic creates revenue for the threat actor, who receives a small payment per view.
  • The Judy malware also displays advertising automatically, similarly to adware. Users are reporting that these advertisements use invasive formats that can block access to other content by covering the UI.

Diverging from a Recipe for Criminal Ad Revenue

The millions of users compromised by the Judy malware, and the high ratings that most of its applications garner, show the importance of staying alert to the possible dangers of a 'zero-day' or unidentified Trojan. Phone applications, browser extensions, and other add-ons that limit your control over advertising content, interfere with legitimate programs, or use excessive network traffic may be using your system for more than just their stated purposes. Exposure to criminal-promoted ad networks also is an infection vector and a point of contact with online tactics, and malware researchers recommend minimizing it when possible.

While all identified Judy malware applications are no longer on the Google Play store, there is a possibility of other threatening applications not being recognized yet. Besides paying attention to that theoretical danger, users should remove every application with Judy malware components – security company Check Point is making available a complete list of affected applications. Traditional anti-malware tools should detect this threat and make uninstalling the Judy malware easy for any victims.

What's going on inside a program isn't always something discernible from its exterior. Users that remember the distance between appearance and functionality when they're installing new products will, hopefully, keep their phones safe from the next version of the Judy malware's advertising antics.
