1. Home
  2. Judy Malware infects 36.5 million Android users, Google removes infected apps

Judy Malware infects 36.5 million Android users, Google removes infected apps

[email protected] (Agencies)
May 29, 2017

May 29: A new malware named "Judy" has found in over 41 apps on the Google Play Store, and it has infected between 8.5 million to 36.5 million users. This is according to a report from security research firm Check Point, which discovered the malware and alerted Google. The search giant has started removing these infected apps from the Play Store.judy

However, "Judy Malware" infected apps have managed to research over 4.5 million to 18.5 million downloads on the Google Play Store. According to a blogpost by Check Point, Judy Malware is “auto-clicking adware,” and the firm spotted tapps developed by a company based in South Korea.

The company"s name is Kiniwini, which is mentioned on the Google Play Store as ENISTUDIO corp, say the researchers. This firm developers apps for Android, iOS. The auto-clicking adware would basically use these infected devices to create false clicks on ads, and thus generate revenue for the people behind this.

Check Point notes in the blog post, “The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated.

The researchers have also found other apps on the Google Play Store, which contain the malware, and these were developed by other companies. The research firm notes that code was present in an app since April 2016, so basically it managed to escape Google"s scrutiny for nearly an year.

So what exactly is "Judy" malware, and how does it work?

The idea with Judy malware is to create false clicks on ads, and thus boost revenue of these companies. Essentially the Judy malware bypassed Google Play Store"s protection, and the hackers created a “seemingly benign bridgehead app, meant to establish connection to the victim"s device, and insert it into the app store.”

After the app is downloaded, it manages to set up a connection with the Control and Command server, which delivers the actual malicious payload. This includes the “JavaScript code, a user-agent string and URLs controlled by the malware author,” explains the firm.

These URLs open a targeted website, and the code is used to click on banners from the Google ad tech. Each click mean payment for the creator of the malware from the website developer. It finds ads by looking for iframes, which have ads from Google ads infrastructure.

The Judy Malware fiasco shows that even Google Play Store tends to miss out on malware at times, as it clearly did in this case. Google says that their Play Store works around the clock to automatically identify malware and apps that can pose can risk to the user. But in the case of Judy malware, this is a big miss.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 30,2020

The GST Council is unlikely to make major changes in the indirect tax structure at its next meeting slated mid June.

A top government source said that the Centre is not in favour of increasing tax rates on any goods or service as it could further impact consumption and demand that is already suppressed due the COVID-19 pandemic and lockdown.

It was widely expected that the GST Council could consider raising tax rates and cess on certain non-essential items to boost revenue for states and the Centre. Several states have reportedly taken an over 80-90 per cent hit in GST collections in April, the official data for which has not yet been released by the Centre.

"The need of the hour is to boost consumption and improve demand. By categorising items into essential and non-essential and then raising taxes on non-essential is not what Centre favours. But, the issue on rates and relief will be decided by the GST Council that is meeting next month," the finance ministry official source quoted above said.

The GST Council is chaired by the Union finance minister and thus the views of the Centre play out strongly in the council meetings.

However, the Council will also have to balance the expectations of the states whose revenues have nosedived after the coronavirus outbreak and wide scale disruption to businesses while they have still not been paid GST compensation since the December-January period.

To the question of wider scale job losses in the period of lockdown as businesses get widely impacted, the official said that the Finance Ministry has asked the labour ministry to collect data on job losses during Covid-19 and is constantly engaging with the ministry to oversee job losses and salary cuts.

On restrictions put on Chinese investment in India, the official clarified that no decision had yet been taken to restrict China through the Foreign Portfolio Investment (FPI) route.

Asked about monetising government debt, the official said that the issue would be looked at when we reach a stage. It has not come to that stage yet.

In the government's over Rs 20 lakh crore economic package, the official defended its structure while suggesting that comparisons with the economic packages of other countries should not be drawn as India's needs were different from others.

"We have gone in more reforms that is needed to give strength to the economy. This is required more in our country," the official source said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 18,2020

New Delhi, Jul 18: India's national cybersecurity agency CERT-in, has warned people of credit card skimming spreading across the world through e-commerce platforms.

Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP), the Computer Emergency Response Team (CERT-In) said in a notice on Thursday.

Recently, attackers targeted sites which were hosted on Microsoft's IIS server running with the ASP.NET web application framework, it said.

Some of the sites affected by the attack were found to be running ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft and may contain multiple vulnerabilities, CERT-In said.

The notice also included a list of best practices for website developers including the use of the latest version of ASP.NET web framework, IIS web server and database server.

The advisory is based on research by Malwarebytes which found that this skimming campaign likely began sometime in April this year.

Credit card skimming has become a popular activity for cybercriminals over the past few years, and the increase in online shopping during the pandemic means additional business for them, too, Malwarebytes said in a blog post, adding that attackers do not need to limit themselves to the most popular e-commerce platforms.

Researchers from global cybersecurity and anti-virus brand Kaspersky had warned in December last year that more cybercriminal groups will target online payment processing systems in 2020. 

It said that over the past couple of years, so-called JS-skimming (the method of stealing of payment card data from online stores), has gained immense popularity among attackers. 

Kaspersky researchers in their report said they are currently aware of at least 10 different actors involved in these type of attacks.

Their number will continue to grow during the next year, the report said, adding that the most dangerous attacks will be on companies that provide services such as e-commerce as-a-service, which will lead to the compromise of thousands of companies.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
August 2,2020

New Delhi, Aug 2: The National Commission for Women (NCW) has issued notice to some Bollywood celebrities named in a complaint against the promoter of a company for allegedly blackmailing and sexually assaulting a number of girls on the pretext of giving them a career in modelling.

Taking cognizance of the complaint filed by social activist Yogita Bhayana of People Against Rape in India (PARI), the NCW scheduled a virtual hearing presided by its chairperson on August 6.

The complaint against Sunny Verma, promoter of a company named IMG Ventures with its headquarter in Chandigarh, alleged that he has been blackmailing and sexually assaulting a number of girls on the pretext of giving them career in modelling.

PARI's Yogita Bhayana wrote a complaint letter to NCW chairperson Rekha Sharma.

"Through his company, he (Sunny Verma) invites the girls on the pretext of organising a Miss Asia contest with a claim that the contest will launch them as models. To make it look genuine, his company has also been taking an entry fee of Rs 2,950. Once the girls apply, they are alluded by the female accomplices of Sunny Verma to submit their nude pictures in order to get the better ranking in the contest," the complaint letter said on July 31.

It alleged that Verma, after receiving the pictures and sometimes even before, used to get in touch with the girls and ask for completely nude pictures and videos.

The complaint letter said that Verma also used to allude as well as threaten the girls to submit to his sexual desires if they were interested in modelling as a career or wish to win the contest.

"Once he established a physical relationship with the girls, he used to blackmail them for regular sexual favours. Many girls from across the country have suffered a sexual and mental assault from Sunny and his accomplices," said the complaint citing several letters, texts and audio clips from several girls as proof of this modus operandi of Sunny Verma and his company.

The complaint also said that Sunny Verma has been previously also arrested on charges of sexual assault.

"We would demand that NCW should investigate the case to its depth and get the guilty punished so that any other person should not dare to exploit these kinds of innocent girls on any pretext. It will be a message to people like Sunny Verma and all associated Bollywood stars. Looking forward to strict action from NCW against sexual offenders like Sunny Verma & others," the complaint said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.