Security firm Check Point has uncovered a massive malware campaign that stretches back several years, hiding in plain sight within the Google Play Store. Commonly referred to as Judy, the adware might have affected over 36.5 million Android users.
Check Point claims that a Korean company called Kiniwini, registered as ENISTUDIO Corp on the Google Play Store, is behind the malware. 41 apps developed by the brand contained the nefarious code, in addition to others made by different developers.
ENISTUDIO was able to thwart Google’s protections by creating a benign bridgehead app under the Judy brand name, which allowed it to get inside the Play Store. Once the application is installed on a victim’s device, the adware silently establishes a connection with its command and control (C&C) server to receive the malicious payload code.
Check Point says that Google removed the malevolent apps swiftly upon learning about Judy’s existence. The fact that it went undetected for so many years is a cause for worry, though. In light of the malware’s spread, it’s probably best not to take high ratings at face value, given that many of the apps in question got positive feedback from several people.
You can check out Check Point’s list of Judy malware-laden apps here.