1. Home
  2. Judy Malware infects 36.5 million Android users, Google removes infected apps

Judy Malware infects 36.5 million Android users, Google removes infected apps

[email protected] (Agencies)
May 29, 2017

May 29: A new malware named "Judy" has found in over 41 apps on the Google Play Store, and it has infected between 8.5 million to 36.5 million users. This is according to a report from security research firm Check Point, which discovered the malware and alerted Google. The search giant has started removing these infected apps from the Play Store.judy

However, "Judy Malware" infected apps have managed to research over 4.5 million to 18.5 million downloads on the Google Play Store. According to a blogpost by Check Point, Judy Malware is “auto-clicking adware,” and the firm spotted tapps developed by a company based in South Korea.

The company"s name is Kiniwini, which is mentioned on the Google Play Store as ENISTUDIO corp, say the researchers. This firm developers apps for Android, iOS. The auto-clicking adware would basically use these infected devices to create false clicks on ads, and thus generate revenue for the people behind this.

Check Point notes in the blog post, “The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated.

The researchers have also found other apps on the Google Play Store, which contain the malware, and these were developed by other companies. The research firm notes that code was present in an app since April 2016, so basically it managed to escape Google"s scrutiny for nearly an year.

So what exactly is "Judy" malware, and how does it work?

The idea with Judy malware is to create false clicks on ads, and thus boost revenue of these companies. Essentially the Judy malware bypassed Google Play Store"s protection, and the hackers created a “seemingly benign bridgehead app, meant to establish connection to the victim"s device, and insert it into the app store.”

After the app is downloaded, it manages to set up a connection with the Control and Command server, which delivers the actual malicious payload. This includes the “JavaScript code, a user-agent string and URLs controlled by the malware author,” explains the firm.

These URLs open a targeted website, and the code is used to click on banners from the Google ad tech. Each click mean payment for the creator of the malware from the website developer. It finds ads by looking for iframes, which have ads from Google ads infrastructure.

The Judy Malware fiasco shows that even Google Play Store tends to miss out on malware at times, as it clearly did in this case. Google says that their Play Store works around the clock to automatically identify malware and apps that can pose can risk to the user. But in the case of Judy malware, this is a big miss.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 26,2020

Facebook will introduce a new notification screen on its platform that will warn users if the article they are about to share is over 90 days old, the company announced on Thursday.

“We’re starting to globally roll out a notification screen that will let people know when news articles they are about to share are more than 90 days old,” Facebook wrote in a blog post.

The social media platform had previously introduced a context button in 2018 that provides information about the sources of articles in the News Feed. Building upon that, the new feature will inform users about the timeliness of the article.

“To ensure people have the context they need to make informed decisions about what to share on Facebook, the notification screen will appear when people click the share button on articles older than 90 days, but will allow people to continue sharing if they decide an article is still relevant,” Facebook said.

The social media giant stated that timeliness is important in understanding the context of an article and curbing the spread of misinformation on the platform.

“News publishers, in particular, have expressed concerns about older stories being shared on social media as current news, which can misconstrue the state of current events. Some news publishers have already taken steps to address this on their own websites by prominently labelling older articles to prevent outdated news from being used in misleading ways,” Facebook added.

Apart from this, the platform will also be testing a similar notification screen for information related to the global Covid-19 pandemic. The notification screen will provide information about the source of the link shared in a post if the link is related to information on Covid-19. It will also direct people to its previously introduced Covid-19 information centre for “authoritative” health information, it said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
August 2,2020

New Delhi, Aug 2: The National Commission for Women (NCW) has issued notice to some Bollywood celebrities named in a complaint against the promoter of a company for allegedly blackmailing and sexually assaulting a number of girls on the pretext of giving them a career in modelling.

Taking cognizance of the complaint filed by social activist Yogita Bhayana of People Against Rape in India (PARI), the NCW scheduled a virtual hearing presided by its chairperson on August 6.

The complaint against Sunny Verma, promoter of a company named IMG Ventures with its headquarter in Chandigarh, alleged that he has been blackmailing and sexually assaulting a number of girls on the pretext of giving them career in modelling.

PARI's Yogita Bhayana wrote a complaint letter to NCW chairperson Rekha Sharma.

"Through his company, he (Sunny Verma) invites the girls on the pretext of organising a Miss Asia contest with a claim that the contest will launch them as models. To make it look genuine, his company has also been taking an entry fee of Rs 2,950. Once the girls apply, they are alluded by the female accomplices of Sunny Verma to submit their nude pictures in order to get the better ranking in the contest," the complaint letter said on July 31.

It alleged that Verma, after receiving the pictures and sometimes even before, used to get in touch with the girls and ask for completely nude pictures and videos.

The complaint letter said that Verma also used to allude as well as threaten the girls to submit to his sexual desires if they were interested in modelling as a career or wish to win the contest.

"Once he established a physical relationship with the girls, he used to blackmail them for regular sexual favours. Many girls from across the country have suffered a sexual and mental assault from Sunny and his accomplices," said the complaint citing several letters, texts and audio clips from several girls as proof of this modus operandi of Sunny Verma and his company.

The complaint also said that Sunny Verma has been previously also arrested on charges of sexual assault.

"We would demand that NCW should investigate the case to its depth and get the guilty punished so that any other person should not dare to exploit these kinds of innocent girls on any pretext. It will be a message to people like Sunny Verma and all associated Bollywood stars. Looking forward to strict action from NCW against sexual offenders like Sunny Verma & others," the complaint said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 4,2020

Twitter has joined efforts to do away with racially loaded terms such as master, slave and blacklist from its coding language in the wake of the death of African-American George Floyd and ensuing Black Lives Matter protests.

The project started even before the current movement for racial justice escalated following the death of 46-year-old George Floyd in police custody in May.

The use of terms such as "master" and "slave" in programming language originated decades ago. While "master" is used to refer to the primary version of a code, "slave" refers to the replicas. Similarly, the term "Blacklist" is used to refer to items which are meant to be automatically denied.

The efforts to change these terms in favour of more inclusive language at Twitter were initiated by Regynald Augustin and Kevin Oliver and the microblogging platform is now backing their efforts.

"Inclusive language plays a critical role in fostering an environment where everyone belongs. At Twitter, the language we have been using in our code does not reflect our values as a company or represent the people we serve. We want to change that. #WordsMatter," Twitter's engineering team said in a post on Thursday.

As per the recommendations from the team, the term "whitelist" could be replaced by "allowlist" and "blacklist" by "denylist".

Similarly, "master/slave" could be replaced by "leader/follower", "primary/replica" or "primary/standby".

Twitter, however, is not the first to start a project to bring inclusivity in programming language.

According to a report in CNET, the team behind the Drupal online publishing software started using "primary/replica" in place of "master/slave" as early as in 2014.

The use of the terms "master/slave" was also dropped by developers of the Python programming language in 2018.

Now similar efforts are underway at Microsoft's Github and LinkedIn divisions as well, said the report.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.