Malicious auto-clicking ad software on Android known as ‘Judy,’ has reportedly reached as many as 36.5 million phones. Discovered by security firm Checkpoint, the malware uses Android devices to generate significant amounts of fraudulent clicks on advertisement, with revenues going to the perpetrators.
In a blog post, Checkpoint says this might be the largest malware campaign found on Google Play to date. Judy is said to have been downloaded between 4.5 million and 18.5 million times, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.
Checkpoint says that because it is unknown how long malware existed inside some of these apps, a specific number of affected users can’t be identified. The firm says one app, in particular, hadn’t been updated since April 2016, meaning that the malicious code had remained undetected on the Play Store for quite some time.
The malware was found in 41 apps developed by a Korean company called Kiniwini, which is registered on Google Play as Enistudio corp. Once the firm informed Google of Judy, all of Kiniwini’s apps were removed from the Play Store. The company has developed apps for both Android and iOS platforms.
However, Checkpoint says it found several apps containing the malware that had been developed by companies besides Kiniwni. Checkpoint says it’s “unclear” if there is a direct connection between all of the apps, noting that it’s possible that code was borrowed between apps “knowingly or unknowingly.”
A full list of the apps carrying Judy, as well as other information on the malware, can be found on Checkpoint’s blog.
Recently, other malware on Android known as “Cloak and Dagger” was discovered, which allows hackers to hide malicious activity from users on the OS.