Judy Malware Affected Up to 36.5 Million Android Users via Google Play, Says Check Point

Researchers at Check Point, which recently reported malicious subtitles, have now reported a new malware campaign on Google Play. Dubbed 'Judy', the auto-clicking adware was found on 41 apps developed by a Korean company, according to researchers.

The malware used infected devices to generate fraudulent clicks on advertisements for generating revenues. Researchers claim that the 'Judy' malware has affected between 8.5 million and 36.5 million Android devices as the malicious apps saw downloads between 4.5 million and 18.5 million. Notably, Google removed the malicious apps from the Google Play store after Check Point notified it about the threat.

"Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown," writes Check Point team talking about the Judy malware.

Researchers also found several apps containing Judy malware developed by other developers on Google Play. Though, any connection between the two malware campaigns couldn't be established. "The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly," adds the team.

Check Point reported that the oldest app in the second campaign from other developers were last updated in April 2016 which means that the "malicious code hid for a long time on the Play store undetected."

Researchers also add that similar to previously reported malicious apps like FalseGuide, Judy also relies on the communication with its Command and Control server (C&C) for its operation.

Check Point last month reported FalseGuide botnet malware which infected millions of Android devices via Google Play, and which was hidden in over 40 guide apps for games in Google Play.