According to many internet security researchers, this is the biggest virus activity
that has ever taken place on the Google Play Store. It has reached a huge number of
users all over the world, ranging up to 36.5 million, which shows how alarming the
situation can be. The software works on the simple principle of ad-clicking.
The security research team at Check Point
revealed in one of their blog posts this week that most of these
Android applications are developed in Korea. The main purpose of
creating such malicious applications is to generate fake ads as soon as
the user clicks on the screen or closes an ad. Around 41 Android apps
were identified in this post by Check Point.
All of these applications containing harmful
content were developed by the same developer, Kiniwini, which
is based in Korea. Moreover, these applications are launched under the
name of ENISTUDIO Corp.
The adware program is now widely known
as Judy. It has been the main source of fake revenue generated from
ad creation without the user knowing about it.
Some other applications were also found
to be following the same pattern of trickery. These applications were
built by different developers from across the globe. Yet all of them
created the same type of harmful content.
The connection between these two sets of
applications, which come from different sources but function similarly,
is still unknown, and it is believed to be impossible that one developer
simply uses another developer’s code.
It does not happen very often that you
find an actual company funding and supporting such activities involving
malware. This is why, according to web security researchers at
Check Point, fingers are pointed at organizations that purely create
malicious content.
These applications are developed under a
specific pattern of coding so that they pass the Google Bouncer
protection barriers and appear to be harmless.
However, once the user downloads one of
these applications onto their device, the application registers the user
and the device with an unknown server, which may be at a remote location
and which starts to send and receive harmful content directly. The same
was the case with the Judy Android malware.