A new malware named ‘Judy’ has been found in over 41 apps on the Google Play Store, and it has infected between 8.5 million to 36.5 million users. This is according to a report from security research firm Check Point, which discovered the malware and alerted Google. The search giant has started removing these infected apps from the Play Store.
According to researchers from Check Point, the apps were available on the Play Store for years, but have been clean and virus-free for most of the time. It appears that starting with April 2016, the apps were slowly updated with malicious code.
Furthermore, besides the hidden ad-clicking activity, the operators of the Judy malware used it to insert intrusive ads in other apps, almost to the point that users had no possibility of viewing or interacting with the original app’s content.
Despite apps going through periodic reviews, Google‘s Play Store security system, named Bouncer, wasn’t able to pick up the malware’s malicious activity.