According to many internet security researchers, this is the biggest Google Play Store virus activity that has ever taken place. Its reach, a huge number of users all over the world, ranging up to 36.5 million, shows how alarming the situation can be. The software works on the simple principle of ad-clicking.
The security reviewing team at Check Point revealed in one of their blog posts this week that most of these Android applications are developed in Korea. The main purpose of creating such malicious applications is to generate fake ads as soon as the user clicks on the screen or closes an ad. Around 41 Android apps were identified in this post by Check Point.
All of these applications containing harmful content were developed by the same developer, Kiniwini, which is based in Korea. Moreover, these applications are launched under the name of ENISTUDIO Corp.
The adware program is now widely known as Judy, and it has been the main source of fake revenue generated from ad creation without the user knowing about it.
Some other applications were also found to be following the same pattern of trickery. These applications were built by different developers from across the globe. Yet all of them created the same type of harmful content.
The connection between these two differently sourced but similarly functioning groups of applications is still unknown, and it is believed to be impossible that one developer simply uses another developer’s code.
It does not happen very often that you find an actual company funding and supporting such activities involving malware. This is why, according to web security researchers at Check Point, fingers are pointed at organizations that exist purely to create malicious content.
These applications are coded to a specific pattern so that they pass the Google Bouncer protection barriers and appear to be harmless.
However, once the user downloads one of these applications onto their device, the application registers the user and the device with an unknown server, which may be at a remote location and which then starts to exchange harmful content with it directly. The same was the case with the Judy Android malware.