The researchers from Check Point, the apps were available on the Play Store for over a year, but have been clean and virus-free for most of the times. It appears that starting with April 2016, the apps were slowly updated with malicious codes.
The purpose of this source code was to launch browser apps, load an URL, and use JavaScript to locate and click on specific banner that would bring profits to the malware’s creator.
According to Check Points, almost all malicious apps were made by a South Korean company called Kiniwini, but registered on the Google Play Stores as ENISTUDIO corp. It is unclear if the company added the malicious codes itself, or its server were compromised and the code added by a third-parties.
Furthermore, besides the hidden ad-clicking activities, the operators of the Judy malware used it to insert intrusive ads in other app by overlaying, almost to the point that users had no possibility of viewing or interacting with the original app’s contents. A list of apps infected with the Judy Android malware is available down below.
| Package name | App name | Date | Min | Max |
| air.com.eni.FashionJudy061 | Fashion Judy: Snow Queen style | 24.3.17 | 100,000 | 500,000 |
| air.com.eni.AnimalJudy013 | Animal Judy: Persian cat care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy056 | Fashion Judy: Pretty rapper | 24.3.17 | 50,000 | 100,000 |
| air.com.eni.FashionJudy057 | Fashion Judy: Teacher style | 24.3.17 | 50,000 | 100,000 |
| air.com.eni.AnimalJudy009 | Animal Judy: Dragon care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.ChefJudy058 | Chef Judy: Halloween Cookies | 10.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy074 | Fashion Judy: Wedding Party | 7.4.17 | 50,000 | 100,000 |
| air.com.eni.AnimalJudy036 | Animal Judy: Teddy Bear care | 16.4.17 | 5,000 | 10,000 |
| air.com.eni.FashionJudy062 | Fashion Judy: Bunny Girl Style | 24.3.17 | 50,000 | 100,000 |
| air.com.eni.FashionJudy009 | Fashion Judy: Frozen Princess | 7.4.17 | 50,000 | 100,000 |
| air.com.eni.ChefJudy055 | Chef Judy: Triangular Kimbap | 10.4.17 | 50,000 | 100,000 |
| air.com.eni.ChefJudy062 | Chef Judy: Udong Maker – Cook | 10.4.17 | 10,000 | 50,000 |
| air.com.eni.FashionJudy067 | Fashion Judy: Uniform style | 24.3.17 | 10,000 | 50,000 |
| air.com.eni.AnimalJudy006 | Animal Judy: Rabbit care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy052 | Fashion Judy: Vampire style | 24.3.17 | 100,000 | 500,000 |
| air.com.eni.AnimalJudy033 | Animal Judy: Nine-Tailed Fox | 18.4.17 | 100,000 | 500,000 |
| air.com.eni.ChefJudy059 | Chef Judy: Jelly Maker – Cook | 10.4.17 | 50,000 | 100,000 |
| air.com.eni.ChefJudy056 | Chef Judy: Chicken Maker | 10.4.17 | 50,000 | 100,000 |
| air.com.eni.AnimalJudy018 | Animal Judy: Sea otter care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.AnimalJudy035 | Animal Judy: Elephant care | 16.4.17 | 5,000 | 10,000 |
| air.com.eni.JudyHappyHouse | Judy’s Happy House | 10.4.17 | 100,000 | 500,000 |
| air.com.eni.ChefJudy036 | Chef Judy: Hotdog Maker – Cook | 29.3.17 | 50,000 | 100,000 |
| air.com.eni.ChefJudy063 | Chef Judy: Birthday Food Maker | 10.4.17 | 50,000 | 100,000 |
| air.com.eni.FashionJudy051 | Fashion Judy: Wedding day | 20.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy058 | Fashion Judy: Waitress style | 24.3.17 | 10,000 | 50,000 |
| air.com.eni.ChefJudy057 | Chef Judy: Character Lunch | 10.4.17 | 100,000 | 500,000 |
| air.com.eni.ChefJudy030 | Chef Judy: Picnic Lunch Maker | 10.4.17 | 500000 | 1000000 |
| air.com.eni.AnimalJudy005 | Animal Judy: Rudolph care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.JudyHospitalBaby | Judy’s Hospital:pediatrics | 10.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy068 | Fashion Judy: Country style | 24.3.17 | 10,000 | 50,000 |
| air.com.eni.AnimalJudy034 | Animal Judy: Feral Cat care | 16.4.17 | 10,000 | 50,000 |
| air.com.eni.FashionJudy076 | Fashion Judy: Twice Style | 20.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy072 | Fashion Judy: Myth Style | 20.4.17 | 50,000 | 100,000 |
| air.com.eni.AnimalJudy022 | Animal Judy: Fennec Fox care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.AnimalJudy002 | Animal Judy: Dog care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy049 | Fashion Judy: Couple Style | 24.3.17 | 100,000 | 500,000 |
| air.com.eni.AnimalJudy001 | Animal Judy: Cat care | 14.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy053 | Fashion Judy: Halloween style | 7.4.17 | 100,000 | 500,000 |
| air.com.eni.FashionJudy075 | Fashion Judy: EXO Style | 7.4.17 | 50,000 | 100,000 |
| air.com.eni.ChefJudy038 | Chef Judy: Dalgona Maker | 28.3.17 | 100,000 | 500,000 |
| air.com.eni.ChefJudy064 | Chef Judy: ServiceStation Food | 10.4.17 | 10000 | 50000 |
| air.eni.JudySpaSalon | Judy’s Spa Salon | 10.4.17 | 1,000,000 | 5,000,000 |
| Total | 4,620,000 | 18,420,000 |
Despite apps going through periodic review, Google’s Play Store security system, named Bouncers, wasn’t able to pick up the malware’s malicious activities. Nonetheless, help is coming!
According to Google’s, this new service continuously scans all Android apps and user devices for malicious behavior and uses machine learning to detect any suspicious activity on their phones. Once it detects a malicious app, it removes it from the phones of all users who installed it.
The new Google Play Protect service suite is currently shipping to all devices with the Google Play app installed in their devices.
Take your time to comment on this article.