Check Point, a security software company, has revealed that its researchers discovered another widespread malware campaign on the official Google app store, Google Play.
The malware, dubbed “Judy”, is auto-clicking adware that was found in 41 apps developed by a Korean company. The malware uses infected devices to generate large numbers of fraudulent clicks on advertisements, generating revenue for the companies behind the ads.
The malicious apps reached a very large number of downloads, between 4.5 million and 18.5 million. Some of the apps had been on Google Play for several years, but all had been updated very recently. Because it is unknown how long the malicious code existed in the apps, the true spread of the malware cannot be known.
Also found were several apps containing the malware which had been developed by other developers on Google Play. At the moment the connection between the two campaigns remains unclear, but it is entirely possible that one borrowed code from the other, knowingly or unknowingly.
The oldest app of this second campaign was last updated in April 2016, meaning that the malicious code was hidden, undetected, on Google Play for more than a year.
These apps also had a large number of downloads (between 4 and 18 million), meaning the total spread of the malware across both campaigns may have reached between 8.5 and 36.5 million users.
Like previous malware that infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on communication with its command and control (C&C) server to operate. After Check Point notified Google about this threat, the apps were quickly removed from the Play store.