36 million Android devices hit with “Judy” malware campaign
Android users are advised to check they haven’t got any infected apps installed on their phones after the discovery of a strain of malware that was found hidden in 41 seemingly legitimate apps on the Google Play store.
Security researchers have estimated that those 41 apps have been downloaded an estimated 36 million times between them in the last handful of years.
Discovered by Check Point, the infected apps would only download the malware payload once the user had already installed the app on their phone, which allowed the apps to avoid detection from Google Play’s “Bouncer” detection software. Once the user installs the app, the app would connect to a “command” server which would send malicious code to the app.
Using that malicious code, the app would then connect to various web addresses and use web script to automatically click on Google adverts, which would generate money for the malware crooks.
Sponsored Content. Continued below...
The malware had been dubbed “Judy” because many of the infected apps contain that name.
While there is no evidence so far that the infected apps would do anything too sinister to the phone itself, such as steal data or install spyware, the instructions sent from the “command” server could change at any time which could lead to any number of scams being targeted at a phone with an infected app installed.
Google Play have since removed all the apps known to harbour the “Judy” malware, many of which have been on the Google Play store for a number of years (though all have been recently updated so it is unclear how long they have been infected.) The apps belonged to a Korean company called ENISTUDIO Corp. and as such users are advised not to install any apps from this company.
Additionally, Android users are advised to ensure their phones don’t have any of the infected apps installed; they should have already been disabled automatically by Google and Android.
Check Point have released a list of apps related to this malware campaign. If you have any installed, we strongly recommend uninstalling them now.
Package name App name Date Min Max
air.com.eni.FashionJudy061 Fashion Judy: Snow Queen style 24.3.17 100,000 500,000
air.com.eni.AnimalJudy013 Animal Judy: Persian cat care 14.4.17 100,000 500,000
air.com.eni.FashionJudy056 Fashion Judy: Pretty rapper 24.3.17 50,000 100,000
air.com.eni.FashionJudy057 Fashion Judy: Teacher style 24.3.17 50,000 100,000
air.com.eni.AnimalJudy009 Animal Judy: Dragon care 14.4.17 100,000 500,000
air.com.eni.ChefJudy058 Chef Judy: Halloween Cookies 10.4.17 100,000 500,000
air.com.eni.FashionJudy074 Fashion Judy: Wedding Party 7.4.17 50,000 100,000
air.com.eni.AnimalJudy036 Animal Judy: Teddy Bear care 16.4.17 5,000 10,000
air.com.eni.FashionJudy062 Fashion Judy: Bunny Girl Style 24.3.17 50,000 100,000
air.com.eni.FashionJudy009 Fashion Judy: Frozen Princess 7.4.17 50,000 100,000
air.com.eni.ChefJudy055 Chef Judy: Triangular Kimbap 10.4.17 50,000 100,000
air.com.eni.ChefJudy062 Chef Judy: Udong Maker – Cook 10.4.17 10,000 50,000
air.com.eni.FashionJudy067 Fashion Judy: Uniform style 24.3.17 10,000 50,000
air.com.eni.AnimalJudy006 Animal Judy: Rabbit care 14.4.17 100,000 500,000
air.com.eni.FashionJudy052 Fashion Judy: Vampire style 24.3.17 100,000 500,000
air.com.eni.AnimalJudy033 Animal Judy: Nine-Tailed Fox 18.4.17 100,000 500,000
air.com.eni.ChefJudy059 Chef Judy: Jelly Maker – Cook 10.4.17 50,000 100,000
air.com.eni.ChefJudy056 Chef Judy: Chicken Maker 10.4.17 50,000 100,000
air.com.eni.AnimalJudy018 Animal Judy: Sea otter care 14.4.17 100,000 500,000
air.com.eni.AnimalJudy035 Animal Judy: Elephant care 16.4.17 5,000 10,000
air.com.eni.JudyHappyHouse Judy’s Happy House 10.4.17 100,000 500,000
air.com.eni.ChefJudy036 Chef Judy: Hotdog Maker – Cook 29.3.17 50,000 100,000
air.com.eni.ChefJudy063 Chef Judy: Birthday Food Maker 10.4.17 50,000 100,000
air.com.eni.FashionJudy051 Fashion Judy: Wedding day 20.4.17 100,000 500,000
air.com.eni.FashionJudy058 Fashion Judy: Waitress style 24.3.17 10,000 50,000
air.com.eni.ChefJudy057 Chef Judy: Character Lunch 10.4.17 100,000 500,000
air.com.eni.ChefJudy030 Chef Judy: Picnic Lunch Maker 10.4.17 500000 1000000
air.com.eni.AnimalJudy005 Animal Judy: Rudolph care 14.4.17 100,000 500,000
air.com.eni.JudyHospitalBaby Judy’s Hospital:pediatrics 10.4.17 100,000 500,000
air.com.eni.FashionJudy068 Fashion Judy: Country style 24.3.17 10,000 50,000
air.com.eni.AnimalJudy034 Animal Judy: Feral Cat care 16.4.17 10,000 50,000
air.com.eni.FashionJudy076 Fashion Judy: Twice Style 20.4.17 100,000 500,000
air.com.eni.FashionJudy072 Fashion Judy: Myth Style 20.4.17 50,000 100,000
air.com.eni.AnimalJudy022 Animal Judy: Fennec Fox care 14.4.17 100,000 500,000
air.com.eni.AnimalJudy002 Animal Judy: Dog care 14.4.17 100,000 500,000
air.com.eni.FashionJudy049 Fashion Judy: Couple Style 24.3.17 100,000 500,000
air.com.eni.AnimalJudy001 Animal Judy: Cat care 14.4.17 100,000 500,000
air.com.eni.FashionJudy053 Fashion Judy: Halloween style 7.4.17 100,000 500,000
air.com.eni.FashionJudy075 Fashion Judy: EXO Style 7.4.17 50,000 100,000
air.com.eni.ChefJudy038 Chef Judy: Dalgona Maker 28.3.17 100,000 500,000
air.com.eni.ChefJudy064 Chef Judy: ServiceStation Food 10.4.17 10000 50000
air.eni.JudySpaSalon Judy’s Spa Salon 10.4.17 1,000,000 5,000,000
Total 4,620,000 18,420,000