Last week, researchers at Check Point discovered malware called "Judy" that could have infected as many as 36.5 million Android devices. The auto-clicking adware generates large numbers of fraudulent clicks on ads, resulting in large sums being paid to the hackers behind the operation. The malware was found on 41 apps offered by a Korean firm, and quickly spread between 4.5 million and 18.5 million downloads.
The interesting thing is that many of these apps had been listed in the Google Play Store for years, but all of them had recently been updated. Check Point also discovered a few apps written by other developers that contained the same malware. It isn't known what the connection is between the different developers, and if the malware was knowingly or accidentally spread.
The apps containing the malware are developed by a company from Korea named Kiniwini, using the name of ENISTUDIO corp. on the Google Play Store. For its part, Google has already removed the malicious apps from the Play Store. The apps listed by Kiniwini all included the name Judy in the title, which explains how the malware received its name. It should be pointed out that Kiniwini also develops apps for the Apple App Store.
If you have any of these apps on your phone or tablet, make sure that you delete them immediately.
Judy malware affected as many as 36.5 million Android devices