Online security researchers at Checkpoint have recently come across a zero-day malware dubbed Judy  which was being distributed on the popular mobile download platform Google Play. The extent of this Android-based malware campaign is unprecedented: as many as 41 Judy-related fashion, animal care, and cooking games were found lurking for the unsuspecting players, sometimes, for years at a time. The oldest app with the malicious code dates back to April 2016, thought the real beginning of the malware distribution may go back even further than that. Based on primary estimations, the malware could have potentially affected between 4 to 36.5 million users. If these numbers are accurate, we might be dealing with the biggest Android breach to date. Luckily, Google has already banned all the malicious apps from the Play store, immobilizing the further spread of the malware. However, many are still curious what has made this malware so successful and who stands behind this evil creation. We try to answer these questions below.
What has led Judy applications to become so popular was the fact that they all had good ratings on the Google Play store and were praised by the users. Only these were NOT legitimate ratings. The criminals auto-generate obscure comments such as “Fun” “Awesome Game,” etc. to boost the ranking of their malicious apps, making them more look more trustworthy and appealing. So, next time you feel like brightening your day with some fun new game, don’t just go downloading random apps without closely examining them. Go through the desired product reviews attentively, check what permissions does it require and spare a minute to skim through the EULA.