Over 36.5 million Android users infected by Judy malware

Security firm Check Point has uncovered a massive malware campaign that stretches back several years, hiding in plain sight within the Google Play Store. Commonly referred to as Judy, the adware might have affected over 36.5 million Android users.

Check Point claims that a Korean company called Kiniwini, registered as ENISTUDIO Corp on the Google Play Store, is behind the malware. 41 apps developed by the brand contained the nefarious code, in addition to others made by different developers.

ENISTUDIO was able to thwart Google’s protections by creating a benign bridgehead app under the Judy brand name, which allowed it to get inside the Play Store. Once the application is installed on a victim’s device, the adware silently establishes a connection with its Command and Control (C&C) server to receive the malicious payload code.

Judy then opens URLs via the user agent and redirects to another site where JavaScript code is utilized to click on Google ads. The malware author in turn gets paid by the website for the illegitimate clicks and traffic. Given Judy’s spread, the adware probably generated a large amount of revenue for the attackers.

Check Point says that Google removed the malevolent apps swiftly upon learning about Judy’s existence. The fact that it went undetected for so many years is a cause for worry though. It’s probably best to not take high ratings at face value in light of the malware’s spread, given that many of the apps in question got positive feedback from several people.

You can check out Check Point’s list of Judy malware-laden apps here.