Judy Malware

After the recent ransomware attack that targeted obsolete versions of Microsoft Windows, new malware has emerged, this time on Google’s Play Store.

The malware, named ‘Judy’, was found in over 41 Google Play Store apps. So far, ‘Judy’ has infected around 8.5 million to 36.5 million Google Play Store users.

Security research firm Check Point was the first to discover the Judy malware and informed Google. Though Google has started removing the infected apps from the Play Store, the affected apps have already reached more than 4.5 million downloads.

According to a blog post by Check Point, the Judy malware evaded Google’s security checks for more than a year, as it was found in apps dating back to April 2016.

“The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated.”

The Judy malware is believed to have been created by a South Korean firm named Kiniwini. Essentially ‘auto-clicking adware’, the malware aims to make money for its developers by auto-clicking on ads from infected devices.

As per the researchers, Kiniwini uses the name ENISTUDIO corp on the Google Play Store.

The spread of the malware is a direct threat to Google’s reputation, as it was able to operate on the Google Play Store undetected for more than a year.

What is Judy?

It is adware used to generate fraudulent clicks for revenue. It generates false clicks on affected devices. Almost 41 apps are spreading this malware, and ‘Judy the chef’ is the common character among them. Hence, it is called Judy.

How widely has it spread?

There are 41 apps developed by Korean studio Estudio that are spreading the Judy malware. Other developers are spreading it as well. The Check Point blog said the malware is expected to be downloaded on around 18.5 million devices. Up to 36.5 million devices can be affected by it. Some of these apps have been on the Google Play Store for a long time.

How does it work?

The fraudulent apps act as bridges that connect the user’s device to the adware server. Once the connection is established, the malware impersonates a PC browser to open a page and generate clicks.

How to ensure that you are safe?

On Check Point’s recommendation, Google has removed the malicious apps and updated its Bouncer protection, a mechanism that scans apps. But just to be sure, you can check the list of apps published by the security research firm.
