Google Removes Apps That Infected 36.5 Million Android Users

‘Judy’ malware is an auto-clicking adware which seems to be developed by a company based in South Korea.


A security research from Check Point has reported a malware named ‘Judy’ which was found in over 41 apps in Google Play Store. During the time it was being downloaded, it has managed to infect between 8.5 and 36.5 million users. Google has already started removing all of the infected apps from the Play Store.

It seems that the Judy malware has been able to research anywhere between 4.5 and 18.5 million downloads from the Google Play Store. According to the research, ‘Judy’ malware is an auto-clicking adware which seems to be developed by a company based in South Korea. This malware was designed to use the devices that have been infected to create a false click on ads and with that to generate payment for the developers of the malware.

Check Point has said that the malware had reached an astonishing spread of millions of downloads and that some of the infected apps were actually present on Google Play Store for several years. All of the apps were recently updated.

Check Point also discovered other apps on the Play Store that contain the aforementioned malware, but these have been developed by different countries. According to the research, the code was present in an app since April 2016. This means that it was undetected by Google for almost a year.

What the malware does is that it creates false clicks on ads and with that generates the revenue of the companies that created it. It seems that it was able to bypass Play Store’s protection and establish a connection to the user’s device once downloaded.

After the download, the malware would set up a connection with the servers that delivers the malicious payload. This would include URL’s that are controlled by the developer of the malware.

These URL’s are used to open a website that was targeted and a code is used to generate false clicks on an ad. Each time the code ‘clicks’ on an ad, it generates a payment forwarded to the malware author. What this shows is that even the biggest and most protected companies in the world are susceptible to malware attacks.

Google is, obviously, working around the clock to find a way to automatize the detection of malware and prevent that users get infected.