You know it’s a problem when even a company like Google can’t keep bad apps out of its own Play Store. While we’ve seen several instances of lone bad apps sneaking into public release on the official Android app store, this latest batch of malware is surprisingly prodigious and apparently managed to go undetected for almost a month. The majority seem to have been released as games from a South Korean developer, all of which feature a character named “Judy”. The malware, named after the titular character, isn’t actually part of the game (which has its own unavoidable advertising to click through) but is installed after the game is loaded, and is designed to open other advertisements and click them to generate revenue for the advertisers. This particular denizen of hell is known as an ad-clicker, and as you can imagine, having it clicking ads on millions of phones will add up to some serious dollars.
What this means for you
Up until maybe a year ago, my standard advice to all smartphone users was to restrict your app browsing to the official Google and Apple stores, though Amazon has done a decent job keeping the riff-raff out as well. Most malware infections and hacked phones were typically traced back to “side-loading” apps found on “unofficial” stores, but this latest batch of nastiness was downloaded by millions of people from Google’s own backyard. My most recent addendum to this advice has been to make sure you read the reviews on the app, to carefully monitor the permissions it requests before installing, and to keep an eye on the app’s data consumption. Unfortunately, one of the other areas in which Google and Apple are being outplayed is the review system, which is under assault by comment bots and overseas sweatshops designed to pump store ratings on bad or spammy apps that otherwise would be downvoted into oblivion, so this method of determining legitimacy is now much less trustworthy. If you don’t have the technical chops to determine if the permissions requested for an app install are appropriate, make sure you ask an expert. And if you are at all in doubt, maybe a virtual playdate with Judy isn’t something you need on your smartphone right now. There are plenty of completely legitimate, free apps available for install that won’t turn your device into a zombie for the ad-clicking bot swarm, but it will take some vigilance to find the right one.