We’ve said before that the nice thing about walled gardens like Apple’s App Store and Google’s Google Play is that there’s little chance that their respective ecosystems will be plagued by viruses or malware, unlike Win32 Windows where you’ll have to keep an eye on your back at all times. Because apps from walled gardens are supposed to be sorted, curated and guarded against malicious code. Now the aforementioned walled gardens continue to trump (for lack of a better word) the Windows Store with hundreds of thousands of apps. The problem now is that there are just too many of these apps. Too many to be curated, too many to be examined and chances for malware to slip in continue to grow. Now both ecosystems are no longer immune to malicious code from people pretending to make a few bucks but are really after more. If the Windows Store does pick up, it will suffer the same fate as well. The first major walled garden weed infestation was XcodeGhost on iOS. The latest reported malware infestation we now have is on Android with the sweet name of Judy.

Can’t help but think of Judy Jetson whenever I hear the name, but Judy is now the name of the malware possibly residing in more than 36 million Android devices. Fortunately, it’s not as harmful as the last major infestation on iOS which is XcodeGhost which opens up iOS devices to security hacks. Judy is more of a gold digger, like a fabulous, fashionable wife who at least knows how to cook. Judy is an extensive line of fashion and cooking apps with cute characters where players can play in simulated kitchens and restaurants or the equivalent of dress-up paper dolls which my little girl used to love playing. These Judy apps have a background process where they click on Google ads which creates revenue for the app maker like what’s done on click to pay sites whose mechanics still escape me.

After being reported by the security firm Checkpoint, the Judy line of apps have since been pulled from Google Play.  App owners who are unaware of this news, however, will continue to make money for the app maker unless Google emails them to remove the apps from their devices. Now how did Judy slip by Google’s gardeners? According to Checkpoint, the Judy line of apps showed no malicious code except for some lines that downloaded content from non-Google servers. The malware itself isn’t really harmful to the user, but if the user doesn’t mind sharing his bandwidth or making another guy rich through cheating, it should be okay. However, the app maker can do something entirely different and harmful if the Judy malware module is modular and independent of the main Judy app. Players should remove Judy right away, and she wouldn’t be missed as there are hundreds of similar apps on Google Play.

This isn’t the first major malware infestation on Google Play. There’s also FalseGuide which hid within over 40 game guide apps and has managed to infect over 600,000 users. Game guide apps are simple reference apps for popular games like how to build faster on Clash of Clans or how to find rare Pokemon in Pokemon Go. Unlike Judy, FalseGuide is into creating a botnet in order to spread adware. Like Judy, FalseGuide indirectly harms the user by using up processing cycles and bandwidth the effects of which are sluggish devices and connections. Aside from delivering adware to other users, these botnets can be used to crash websites with DDOS attacks, penetrate private networks or modify the device itself. Again, Checkpoint claims the credit for detecting this malware and warns users to avoid guide apps that ask for administrator permissions on users’ devices. Other Google Play malware that Checkpoint detected is Viking Horde which is a botnet that hides in the app Viking Jump and the malware DressCode, another botnet that hides in dress-up games.

Guess the walls are starting to come down and the watchtowers are few and far in between. If you’re aware of the Attack on Titan anime, it’s the same situation. It’s hard to recommend vigilance since this malware is like wolves in sheep’s clothing. The best way to keep protected is to keep up with the news to know what cute and cuddly apps are actually Klingon-killing Tribbles.

Leave a Reply