Malware infects Android phones via Google Play Store

If you’ve been downloading any new games from the Google Play Store lately, pay attention. According to ZDNet, security researchers at Check Point Software have just discovered a huge malware campaign infecting some of the apps.

The malware is called Judy, named after the cartoon, doll-like character many of the malicious apps feature. Judy is spread across 41 different apps developed by the same developer, a Korean team called Kiniwini, whose software has been downloaded by around 18 million Android users. Some of these apps have been available for years and are frequently updated. The malware is also infecting apps by other developers on the Google Play Store, but most of those have not seen updates since April of 2016. There is no obvious connection between Kiniwini and the other developers.

Check Point Software says Judy uses Android phones to generate fraudulent clicks on ads, making money for the schemers. There is no telling just how long Judy has been floating around and infecting phones – just that about 18 million users have been compromised.

The Judy apps have gone undetected for so long because they are able to bypass Google Play’s Bouncer protection system. They use a common malware technique in which the malicious code is hidden. As reported by ZDNet, once downloaded, Judy apps establish “a connection with a command and control server, which replies with the malicious payload via a JavaScript code, a user-agent string, and URLs controlled by the malware author.”
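The behaviour quoted above suggests a network-side check, shown here as an added example that is not from Check Point, ZDNet or this article: flag an app whose request reuses both a URL host and a User-Agent string that an earlier response from a different host handed to it. The record fields, host names and sample traffic are constructed assumptions, and the check presumes a proxy that stores response bodies.

```python
import re

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Constructed proxy records (not real Judy traffic). Field names are assumptions:
# "ua" is the request User-Agent, "resp" is the response body the proxy stored.
DALVIK = "Dalvik/2.1.0 (Linux; U; Android 7.0)"
DESKTOP = "Mozilla/5.0 (Windows NT 10.0) Chrome/58.0"
SAMPLE_LOG = [
    # App 1: a config response supplies a UA and a URL, then both are used.
    {"device": "d1", "app": "com.example.game", "host": "cfg.example.net",
     "ua": DALVIK,
     "resp": 'ua="' + DESKTOP + '"; urls=["http://ads.example.org/c?id=1"]'},
    {"device": "d1", "app": "com.example.game", "host": "ads.example.org",
     "ua": DESKTOP, "resp": "<html></html>"},
    # App 2: an API returns a CDN link, fetched with the app's own UA (benign).
    {"device": "d2", "app": "com.example.notes", "host": "api.example.com",
     "ua": DALVIK, "resp": '{"img": "http://cdn.example.com/1.png"}'},
    {"device": "d2", "app": "com.example.notes", "host": "cdn.example.com",
     "ua": DALVIK, "resp": ""},
]


def find_server_driven_clients(records):
    """Return sorted (device, app) pairs that sent a request whose host AND
    User-Agent both appeared in an earlier response body from another host."""
    earlier = {}  # (device, app) -> [(host, response body), ...]
    flagged = set()
    for rec in records:
        key = (rec["device"], rec["app"])
        host, ua = rec["host"].lower(), rec["ua"]
        for src_host, body in earlier.get(key, []):
            if src_host == host or not ua:
                continue
            supplied_hosts = {h.lower() for h in URL_HOST.findall(body)}
            # A server-supplied URL alone is normal; a server-supplied UA on
            # top of it means the remote side is scripting the client's identity.
            if host in supplied_hosts and ua in body:
                flagged.add(key)
        earlier.setdefault(key, []).append((host, rec.get("resp", "")))
    return sorted(flagged)


if __name__ == "__main__":
    print(find_server_driven_clients(SAMPLE_LOG))
```

Requiring both signals keeps ordinary apps that follow links from their own API, like the second sample app, out of the results.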

Kiniwini is registered under the name ENISTUDIO corp, and makes Judy products for iOS as well as Android. Although a scheme like this has not been confirmed for iOS, it might be best to hold off downloading any Judy games on your Apple device for the time being.