Google Scraps Judy Malware Infected Apps Downloaded By 36M Android Users

This may be the biggest adware campaign against Android users.

Check Point researchers revealed that various apps downloaded through Google Play installed adware on users’ Android phones, secretly tricking them into clicking ads while earning millions through Google’s pay-per-click feature.

The biggest ad fraud: It has been reported that after the campaign was revealed, Google removed over 40 apps that were thought to be infected with the malware. However, it seems that Google’s response came too late, as reports indicated that the apps had been downloaded 36 million times. This is quite surprising, since even at this magnitude Google’s rigorous software was unable to detect the malware in these apps. The malware is known as “Judy.”

Kiniwini – the main culprit: It has been reported that the South Korean firm Kiniwini is behind this campaign. Essentially, the company created games containing malware that goes undetected by Google Bouncer, the software meant to prevent such adware from being downloaded through Google Play.

How does it work? The mechanism is quite tricky and yet very easy to exploit, as explained by one of the security researchers. Primarily, the malware is not downloaded when a user downloads an app. Rather, the malware is injected into the app only after the app has been downloaded and installed.

Later, the apps execute code that automatically keeps clicking on ads on Google, thus earning Kiniwini millions in ad revenue. According to the latest estimate, the firm has been making $300,000 per month. Furthermore, some apps, instead of clicking the ads automatically, simply display ads that can only be removed if the user taps or clicks on them.


Kiniwini and Google have nothing to say: Both Kiniwini and Google were asked to comment on the situation, but both declined to respond. Kiniwini simply posted on its blog that some of its apps are being removed from Google Play, but did not mention any particular reason for the removal.

Kiniwini is not the first: Such adware is not uncommon in the Android world. In fact, a Google security expert states that there are many other apps which effectively hide the malware from detection. They are neither caught by anti-virus software nor intercepted by Google. One of the reasons for this is that while on Google Play, these apps are nothing more than innocent software. It is only after they are downloaded that the apps start to get loaded with the infection.

Apps Affected with Judy Malware:

“Animal Judy: Persian Cat Care, Fashion Judy: Pretty Rapper, Fashion Judy: Teacher Style, Animal Judy: Dragon Care, Chef Judy: Halloween Cookies, Fashion Judy: Wedding Party, Animal Judy: Teddy Bear Care, Fashion Judy: Bunny Girl Style, Fashion Judy: Frozen Princess, Chef Judy: Triangular Kimbap, Chef Judy: Udong Maker – Cook, Fashion Judy: Uniform Style, Animal Judy: Rabbit Care, Fashion Judy: Vampire Style, Animal Judy: Nine-Tailed Fox, Chef Judy: Jelly Maker – Cook, Chef Judy: Chicken Maker, Animal Judy: Sea Otter Care, Animal Judy: Elephant Care, Judy’s Happy House, Chef Judy: Hot Dog Maker – Cook, Chef Judy: Birthday Food Maker, Fashion Judy: Wedding Day, Fashion Judy: Waitress Style, Chef Judy: Character Lunch, Chef Judy: Picnic Lunch Maker, Animal Judy: Rudolph Care, Judy’s Hospital: Pediatrics, Fashion Judy: Country Style, Animal Judy: Feral Cat Care, Fashion Judy: Twice Style, Fashion Judy: Myth Style, Animal Judy: Fennec Fox Care, Animal Judy: Dog Care, Fashion Judy: Couple Style, Animal Judy: Cat Care, Fashion Judy: Halloween Style, Fashion Judy: EXO Style, Chef Judy: Dalgona Maker, Chef Judy: Service Station Food, Judy’s Spa Salon.”

Recently, the Russian security firm Group-IB revealed that an Android malware going by the name of Cron was hidden in almost 1 million apps. The perpetrators, however, have been arrested. The malware was created to steal bank information and intercept any authorization codes sent by banks. Google, however, seems to be hiding the weakness in its system, saying that only 0.05% of the devices have been affected. Even so, such a percentage may still mean millions of devices.

