Judy malware could have affected up to 36.5 million Android users: Check Point

The malware generates clicks on advertisements, which allows the attackers to charge advertisers for the clicks.


Security researchers from Check Point have unearthed one of the largest malware campaigns to affect Android devices. The malware is named "Judy" after a series of 41 applications, developed by a Korean company, that contained the malware.

Apps from several other developers also had the same malware, and the connection between these apps and the Korean ones is not clear. The malicious code from the applications with the malware may have been knowingly or unknowingly replicated by third-party developers.

The malware generates clicks on advertisements, which allows the attackers to charge advertisers for the clicks. Judy has to communicate with a command and control server for its operations. The malware had been present in applications since 2016. There have been between 4.5 and 18.5 million downloads of the applications, which means anywhere between 8.5 million and 36.5 million users could have been affected by the malware. Google has pulled down the infected applications from the Play Store after being alerted by Check Point.

Check Point has clarified that the malware is not just about aggressive advertising, although the affected applications do display an inordinate number of advertisements.

The Korean company thought to be the source is known as Kiniwini, which is registered in the Android Play Store as ENISTUDIO corp and publishes applications for both Android and iOS. It is unusual for such malware to be associated with a registered entity, according to the researchers. More details on the malware and how it operates can be found in a blog post by Check Point.
