What is Judy?
Judy is an adware, which means that the developers of this malware create fake ad clicks after infecting the smartphones. researches found that most of the apps came from the same company in South Korea. The name of the company is Kiniwini and has been mentioned on Google Play Store as ENISTUDIO corp and it is said to develop apps for Android, iOS.
How does Judy work?
Once you download the app Judy, it sets up a connection with the Control and Command server. This server delivers the malicious payload. The bad program includes the “JavaScript code, a user-agent string, and URLs controlled by the malware author,”. Once the app connects to the developer’s server, they generate random URLs. The URLs open a targeted website, and the program is used to click on banners from the Google ad technology. These clicks essentially mean payment for the malware creator from original website developer. The code finds ads by looking for iframes, which have ads from Google ads infrastructure.

Rate this