Google Removes Multiple Apps In Judy Malware Campaign

What may just be the largest malware campaign in Google Play’s history is named Judy.

Check Point discovered 42 apps on the Google Play Store, all from one developer, which was really malware. The malware is dubbed Judy because many of the apps were games involving the virtual character Judy. The developer is Korea based Kiniwini publishing under the name of ENISTUDIO Corp.

The malware is actually adware. “Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server,” states Check Point”The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.”

The collected apps have between 4.5 million and 18.5 million downloads from the Google Play Store, although it is unknown how long the malicious code has been present within the apps. Google quickly removed all offending apps from the Play Store once notified. While Check Point has only commented on Kiniwini apps within the Google Play Store, the developer has 45 Judy apps still available within the Apple App Store.



Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.