Judy malware may be the largest malware campaign found on Google Play: Check Point



Published 30 May 2017




Check Point researchers last week discovered a widespread malware campaign on Google Play, Google’s official app store. Check Point says that the malware, dubbed “Judy,” is auto-clicking adware found in forty-one apps developed by a Korean company. The malware uses infected devices to generate large numbers of fraudulent clicks on advertisements, generating revenue for the perpetrators behind it. The malicious apps reached an astonishing spread of between 4.5 million and 18.5 million downloads.


Some of the apps Check Point discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, so the actual spread of the malware remains unknown.


Check Point also found several apps on Google Play that contain the malware but were developed by other developers. The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly. The oldest app of the second campaign was last updated in April 2016, meaning that the malicious code hid undetected on the Play store for a long time.


These apps also had a large number of downloads, between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users. Check Point notes that Judy, like previous malware which infiltrated Google Play, such as FalseGuide and Skinner, relies on communication with its Command and Control (C&C) server for its operation. After Check Point notified Google about this threat, the apps were swiftly removed from the Play store.
