Google has withdrawn scores of apps from its Play marketplace after researchers warned they were responsible for the spread of auto-clicking adware to as many as 36 million mobile devices.
Check Point found the “Judy” malware on 41 apps developed by a Korean firm, and several by other developers which may or may not be linked to the campaign.
Some of the apps had been on Google Play for years but were “recently” updated, so the researchers were unable to specify how long the malware had been out there.
However, the infection may have spread to as many as 36.5 million users, the vendor claimed in a blog post.
The app itself was allowed onto Play because it technically contained no malware and was seemingly produced by a reputable developer.
However, once a user downloaded the initial “bridgehead” app, it registered “receivers” which allowed it to connect to a C&C server.
“The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website,” Check Point explained.
“Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.”
These illegitimate clicks may have earned the developers significant sums, given the number of infected devices involved.
As well as clicking on ads, the malware displayed a large number of ads to the user, which sometimes forced them to click through just to get rid of them, Check Point explained.
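The traffic pattern Check Point describes (an Android device presenting a PC browser user agent, following a redirect, then requesting ad-click URLs) can be hunted for in web proxy logs. The sketch below is an added example, not code from Check Point or the original article; the log format, device inventory, hostnames and function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed inventory: client IP -> platform (e.g. exported from an MDM).
INVENTORY = {"10.0.0.5": "android", "10.0.0.6": "android", "10.0.0.9": "windows"}

# Constructed proxy log, one request per line: client_ip status host path "user-agent"
SAMPLE_LOG = '''\
10.0.0.5 302 landing.example /go?id=1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
10.0.0.5 200 site.example /page "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
10.0.0.5 200 ads.example /click?banner=7 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
10.0.0.6 200 news.example / "Mozilla/5.0 (Linux; Android 7.0; Pixel) Chrome/58.0 Mobile"
10.0.0.6 200 ads.example /click?banner=2 "Mozilla/5.0 (Linux; Android 7.0; Pixel) Chrome/58.0 Mobile"
10.0.0.9 302 landing.example /go?id=4 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
10.0.0.9 200 ads.example /click?banner=3 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0"
'''

LINE = re.compile(r'^(\S+) (\d{3}) (\S+) (\S+) "([^"]*)"$')
DESKTOP_UA = re.compile(r"Windows NT|Macintosh|X11; Linux")
AD_CLICK_HOSTS = {"ads.example"}  # placeholder; substitute your own ad-network host list

def parse(log):
    """Yield (ip, status, host, path, ua) tuples, skipping malformed lines."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ip, status, host, path, ua = m.groups()
            yield ip, int(status), host, path, ua

def flag_devices(log, inventory):
    """Return {ip: evidence} for Android devices showing the full pattern."""
    state = defaultdict(lambda: {"spoofed": False, "redirected": False, "clicks": 0})
    for ip, status, host, _path, ua in parse(log):
        if inventory.get(ip) != "android":
            continue  # only devices we know to be Android are in scope
        s = state[ip]
        if DESKTOP_UA.search(ua) and "Android" not in ua:
            s["spoofed"] = True  # Android device claiming to be a PC browser
            if 300 <= status < 400:
                s["redirected"] = True
            elif host in AD_CLICK_HOSTS and s["redirected"]:
                s["clicks"] += 1  # ad click that followed a redirect
    return {ip: s for ip, s in state.items() if s["spoofed"] and s["clicks"] > 0}

if __name__ == "__main__":
    for ip, evidence in flag_devices(SAMPLE_LOG, INVENTORY).items():
        print(ip, evidence)
```

A desktop user agent alone is a weak signal, since mobile browsers offer a "request desktop site" option; requiring the redirect and the ad-click request as well keeps the false-positive rate down.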
Interestingly, the offending apps – which were swiftly removed by Google – had a high reputation on Play, indicating that users can’t necessarily trust what they’re downloading, even from official app stores.
David Emm, principal security researcher at Kaspersky Lab, argued that it’s time users cleaned up their smartphones.
“The build-up of digital clutter means that app cleansing and updating are now more important than ever to combat malware that uses apps’ vulnerabilities to penetrate devices,” he added. “However, the most important thing is still to protect the device itself by employing internet security software and implementing regular updates.”