Judy malware infects millions of Android smartphones via Play Store, how to check if your smartphone is infected

A malware campaign called 'Judy' has reportedly spread through a large part of the Google Play Store and has infected somewhere between 8.5 million and 36.5 million users.

Published: May 29, 2017 1:49 PM

A malware campaign called ‘Judy’ has reportedly spread through a large part of the Google Play Store and has infected somewhere between 8.5 million and 36.5 million users. Security research firm Check Point reported that it had discovered the malware and then alerted Google. Google has since started removing many infected apps from the Play Store. Even so, the Judy malware has managed to get 4.5 million to 18.5 million downloads on the Google Play Store. Check Point has posted a blog on the issue, in which it describes the Judy malware as ‘auto-clicking adware’. This essentially means that hackers make money by creating fake ad clicks after infecting smartphones. The research firm has traced some of the apps to a South Korea-based company.

The researchers have said that the South Korean company is named Kiniwini, that it is listed on the Google Play Store as ENISTUDIO corp, and that it is said to develop apps for Android and iOS. The malware, or auto-clicking adware, uses the infected devices to create fake clicks on advertisements, which in turn generates revenue for whoever is behind this cyber crime. Check Point writes in its blog post, “The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated.”

The researchers said that they have found many other apps containing the malware on the Google Play Store. Interestingly, these were developed by other companies. According to Check Point, the programme has been present in an app since April 2016. This means that it had managed to hide from Google’s scrutiny for more than a year.


The Judy malware works like this: it creates false clicks on ads, which in turn boosts the revenue of the firms behind the apps. The malware manages to escape the Google Play Store’s protection software, and the hackers were able to create a “seemingly benign bridgehead app, meant to establish a connection to the victim’s device, and insert it into the app store.” Once you download the app, it sets up a connection with the command and control (C&C) server. This server delivers the actual malicious payload. The malicious programme includes the “JavaScript code, a user-agent string and URLs controlled by the malware author,” explains Check Point.

The URLs open a targeted website, and the program is then used to click on banners served by the Google ad technology. Each of these clicks means a payment to the malware creator from the original website developer. The code finds ads by looking for iframes that contain ads from the Google ads infrastructure.

The Judy malware issue shows that malware can at times remain invisible even in the Google Play Store. The tech giant claims that the Play Store works around the clock to automatically identify malware and apps which can pose a risk to the user, but this time it was a clear miss.

If you want to check whether your smartphone is affected by Judy, the only way to find out is to check whether you have installed any of the apps mentioned in the research blog post. Beyond that, the only option is to format your device, since there is no other way to know. While Google says that it has removed any app which contains the malware, you should still be very careful when downloading apps.
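The check described above can be scripted from a computer connected to the phone with adb. The following is an added example, not code from this article or from Check Point; the package names in it are constructed placeholders that must be replaced with the ones listed in the research blog post.

```python
"""Match installed Android packages against an advisory's package list."""
import fnmatch
import sys

# Constructed placeholders: replace with the package names from the
# research blog post. These are NOT real Judy indicators.
SAMPLE_BLOCKLIST = """
# one package name per line; '*' wildcards allowed
com.example.placeholder.cookinggame
com.example.placeholder.fashion*
"""

# Constructed sample of `adb shell pm list packages -3` output.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome
package:com.example.placeholder.cookinggame
package:com.example.placeholder.fashion2
package:org.example.notes
"""

def load_blocklist(text):
    """Return lowercase patterns, skipping blank lines and # comments."""
    patterns = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            patterns.append(line)
    return patterns

def parse_pm_output(text):
    """Extract package names from `pm list packages` lines."""
    packages = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            # With -f the form is package:/path/base.apk=name; keep the name.
            packages.add(line[len("package:"):].rsplit("=", 1)[-1].lower())
    return packages

def find_matches(pm_output, blocklist_text):
    """Return sorted installed packages that match any blocklist pattern."""
    patterns = load_blocklist(blocklist_text)
    installed = parse_pm_output(pm_output)
    return sorted(p for p in installed
                  if any(fnmatch.fnmatchcase(p, pat) for pat in patterns))

if __name__ == "__main__":
    # Real use: adb shell pm list packages -3 | python3 check_packages.py
    data = SAMPLE_PM_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    hits = find_matches(data, SAMPLE_BLOCKLIST)
    print("\n".join(hits) if hits else "no listed packages installed")
```

An empty result only means none of the listed package names is currently installed; it says nothing about apps that are not on the list.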
