If you’ve been downloading any new games from the Google Play Store lately, pay attention. According to ZDNet, Security researchers at Check Point Software have just discovered a huge malware campaign infecting some of the apps.
The malware is called Judy, named after the cartoon, doll-like character many of the malicious apps feature. Judy is spread across 41 different apps developed by the same developer, a Korean team called Kiniwini, whose software has been downloaded by around 18 million Android users. Some of these apps have been available for years and are frequently updated. The malware is also infecting apps by other developers on the Google Play Store, but most of those have not seen updates since April of 2016. There is no obvious connection between Kiniwini and the other developers.
Check Point Software says Judy uses Android phones to generate fraudulent clicks on ads, making money for the schemers. There is no telling just how long Judy has been floating around and infecting phones – just that about 18 million users have been compromised.
Kiniwini is registered under the name ENISTUDIO corp, and makes Judy products for iOS as well as Android. Although a scheme like this has not been confirmed for iOS, it might be best to hold off downloading any Judy games on your Apple device for the time being.