What Is Judy The Malware and How Does It Operate

   Checkpoint online forensic researchers have discovered a malware that attacks android phones and it’s name is Judy. The malware has hit millions of Android phone users last May 2017. The malware named Judy was found in at least forty one apps that had the Judy name on it. Checkpoint had told Google about it. As of my knowledge Google has removed these apps and they have added security measures like Play Protect. As Android phone users we must know how to protect ourselves. This is why you must update your security patches. This malware originated from the app called “Judy the chef.” It was designed to be an auto - clicking adware that infects android phone devices so that it can generate a huge amount of fraudulent clicks on advertisements so that it can produce a big revenue for the perpetrators that  are bound to gain from it. If you have been infected by tis malware there is no way to fix it except by reformatting your android phone.

    The malware named Judy works upon downloading the app and it quietly registers a receiver that makes a connection with the common and control server. The server will respond by using a malicious payload that has a dubious javascript code, a user - agent string and URL’s that are managed by the author of this malware. The malware will gain access to the URLs through the user agent that mimics a PC browser that is well concealed in a hidden webpage and then it is diverted to a particular website. When that particular website is put in motion, the malware will use the javascript code to locate and start clicking on the banners coming from Google ads. When the ads are clicked, the author of the malware will begin receiving payments from the website developer. The javascript code finds the intended ads by looking for iframes which incorporates ads coming from Google.