‘Judy’ malware infects 36.5 million Android users globally

Some of the malware-affected apps have been discovered residing on Google Play for several years

The world is still recovering from the malicious attack, which spread across the globe hitting government departments, universities and companies in nearly 100 countries.

In a new threat, malware called ‘Judy’ is now infecting millions of Android smartphones globally, says a report from security solutions firm Check Point. The widespread campaign, aimed at Google Play, Google’s official app store, is possibly the largest malware campaign found on the Play store, says Check Point in its blog.
What is Judy malware?

‘Judy’ is auto-clicking adware that was found in 41 apps developed by a Korean company. It uses infected devices to generate large numbers of fraudulent clicks on advertisements, generating revenue for the perpetrators behind it. Adware is software that automatically displays advertising material when a user is online.
How bad is the reach of Judy?

According to Check Point, dozens of malicious apps have been downloaded nearly 4.5 million to 18.5 million times. The total spread of the malware campaign on Google Play may have reached between 8.5 and 36.5 million users, Check Point said in its blog. Some of the malware-affected apps have been discovered residing on Google Play for several years, says Check Point.
How come it was unnoticed for so many years?

The oldest app of the second campaign was last updated in April 2016, meaning that the malicious code hid on the Play store undetected for a long time. The nefarious nature of the programmes went unnoticed in large part because their malware payload was downloaded from a non-Google server after the programmes were installed. The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker.
What has Google done about this?

After Check Point notified Google about this threat, the apps were swiftly removed from the Play store, the blog said. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown. Just to be sure, you can check the blog for the full list of the malicious apps. Previously, Android-based devices were hit by similar malware such as “FalseGuide” and “Skinner”, which also infiltrated through Google Play.