New Malware Could Infect 36.5 Million Android Users Globally

New Malware Could Infect 36.5 Million Android Users Globally


As many as 36.5 million Android users may have been infected by an advertising fraud malware, thought to be the largest malware campaign ever.


With the business world still recovering from the fallout caused by the “WannaCry” ransomware attack, a new threat has arisen. Targeting 10s of millions of Android phone users on one of the world’s most popular app marketplaces, where it has lurked for years.


The Malware campaign dubbed “Judy” after one of the infected applications, is an auto-clicking adware which was found on 41 applications developed by a Korean company and spread throughout Google Play Store, one of the world largest application marketplaces.


The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenue for the perpetrators while severely hindering the performance of infected mobile devices.


The malicious application has been spread through between 4.5million and 18.5 million downloads, some of the infected applications have been available to download from Google Play Store for several years. It is unclear how long the malicious code has existed inside the apps, and therefore the actual numbers remain unclear.


Several other apps from different developers also contained the same malware, possibly through borrowing code knowingly or unknowingly. The oldest infected application on the store was last updated in April 2016, which means the malicious code has remained hidden for at least a year undetected.


These apps also had as many as 18 million downloads, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.


Judy managed to bypass, Google Play’s protection, by being implemented as a benign piece of code inside of the app. Once the user had downloaded the application it silently downloads a receiver which connects to its command center and downloads a malicious payload. Once the malicious payload is on the devices the malware will automatically activate.


The malware itself imitates an internet browser, which clicks adverts when users are browsing the internet or playing a game. The fraudulent clicks generate a large revenue for the perpetrators, especially since the malware reached a presumably widespread of people. At this moment, it appears nothing has been stolen from users. But the secret gateway it creates could be used to steal credit card details and other sensitive information from a phone,


Google Play Store confirmed today that they had pulled down all policy violating applications from the report.


Android currently makes up around 75% of Thailand’s mobile phone market share. Many varieties of malware are able to transfer inside networks like offices and coffee shops. If you think you or your business is infected with malware or ransomware, contact Aware today info@aware.co.th.


Other Applications that contained the Judy virus Included:

Credit: CheckPoint


Package name App name Date Min Max Developer
com.CoupleDday 커플디데이 (커플기념일, 위젯) 2-Apr-17 100,000 500,000 Neoroid
com.DogSound Dog Music (Relax) 29-Jun-16 10,000 50,000 Neoroid
com.kakaotalkchatanalyst.ks 카카오톡 대화분석기 25-Feb-16 1,000,000 5,000,000 DeepEnjoy
com.PeriodCalendar 황금기 알리미 (여성달력) 20-Apr-16 100,000 500,000 Neoroid
com.MoneyBook 100억 가계부 2-Apr-17 100,000 500,000 그린 스튜디오
com.lee.katocpic KatocPic(카톡픽) – 카톡프로필 23-Aug-16 5,000 10,000 Wontime
com.appnapps.app77 필수추천 무료어플 77 5-Feb-17 1,000,000 5,000,000 App&Apps
com.sundaybugs.spring.free Spring-It’s stylish, it’s sexy 30-Sep-16 1,000,000 5,000,000 Sundaybugs
com.lx5475.craftingbox2 Crafting Guide for Minecraft 4-May-17 500,000 1,000,000 JIZARD
Total     4,215,000 18,060,000