A new malware dubbed as Judy is hitting Android devices, according to a report from security research firm Check Point. The malware has affected as many as 36.5 million Android devices, making it potentially the most widely-spread malware yet found on Google Play.
“Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company under the moniker ENISTUDIO Corp., said the research firm which discovered the malware and alerted Google. Iterations of the same attack were found on a handful of apps from other publishers. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.
The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown. Judy relies on the communication with its Command and Control server (C&C) for its operation.
The report stated,
We also found several apps containing the malware, which were developed by other developers on Google Play. The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly.