‘Judy Malware’ Infects More Than 36 Million Android Phones: What We Know

By on
Judy Malware infects more than 36 million Android devices

Security is one of the top-most concern by most technology users nowadays. A few weeks ago, hundreds of thousands of Windows systems were compromised by a ransomware.

This resulted in major service outages from various companies and agencies. Malware and viruses are very common in today’s electronic devices. More so with popular services like the Android operating system. A new report details the Judy Malware the infects around 36.5 million Android devices to date.

According to security company Check Point, it has discovered a “new” malware which acts more like an adware. The malware, called Judy Malware, was developed by a Korean company and is present in 41 applications. These applications are all available in the Google Play Store and have been there for several years.

The way the malware works is by generating false advertising clicks within its Javascript codes.The fraudulent clicks then generate income for the perpetrators especially now that is has infected millions of Android users.

Judy Malware infects more than 36 million Android devices

Android app infected by Judy Malware (via

The malware can also bypass the Bouncer, Google Play’s protection, with the use of a bridgehead app. Once the main application has been installed, it then establishes connection to the remote server that will reply to the actual malicious payload. When the connection is established, the malware opens a URL with a user agent that acts like a browser.

The moment the URL has been loaded, the internal code the looks for a Google ad and clicks it. Finally, the perpetrator then receives remuneration for the unscrupulous click and traffic.

Fortunately, Check Point has already alerted Google about the said malware. In response, Google has removed all the apps that were under the same Korean developer.

The malicious apps were developed by a Korean company called Kiniwini; registered on Google Play Store as ENISTUDIO corp. The company develops applications for both iOS and Android OS. In addition to apps developed by the said company, the Ruby Malware is also present on other third-party app developers such as Neoroid, App&Apps, DeepEnjoy and Sundaybugs.

Android users are urged to get rid of the apps listed in the link above as soon as possible. Furthermore, anyone should be careful in downloading applications from the Play Store especially those with high reputation. For more tech updates, be sure to check us out at TheBitbag.

Also read: iOS 10.3 Jailbreak News: Exploits Still Abound but Jailbreak Tool Unclear

About the author

To Top