There’s a new strain of Android malware going around, and it might be one of the most annoying yet.
On Tuesday, mobile security analysts at Check Point uncovered the innocuous-sounding Judy, code that’s infected at least 41 different apps on the Google Play Store, Android’s app marketplace. Once installed, Judy opens internet links and imitates the behavior of a PC, using JavaScript to hunt down and fraudulently click on ads served by Google’s advertising platform.
Most of Judy’s ad-serving occurs in the background, but the adware also injects a large number of advertisements into applications — in some cases leaving users no option but to click on them.
The endgame is to rake in revenue by infecting as many Android devices as possible, and the Judy hackers are well on their way. The malware bypassed Bouncer, Google’s AI-powered Play Store filter that automatically flags malware, by creating a benign “middleware” app that silently establishes a connection with a remote server and installs Judy’s code.
