Judy Malware infects 36.5 million Android users, Google removes infected apps

After the big mess of ransomware “Wanna Cry” malware in Windows, now here comes a new malware named as Judy malware for Android devices.

Around 36.5 million Android devices have been infected by this malware.

Judy malware is responsible for producing fake ad clicks on google clicks generating big revenue to its developers.

According to the security firm Check Point this auto-clicking malware is found on 41 apps developed by Korean company and available on Play store under ENISTUDIO Corp.

Judy malware is also available in apps developed by other developers but the connection of these developers with ENISTUDIO Corp is not clear yet.

The malicious apps are having a huge download count in millions ranging from 4.5 million to 18.5 million downloads.

This makes sense that using high rated apps cannot provide surety that it is malware free and fully secured. User may also get infected by these high rated apps apps

The total users of this malware may have spread between 8.5 million to 36.5 million users.

These apps are available on Google Play stores from a long time but it is not possible to say from how much time this malware is present on Play store but all apps were recently updated on the store.

Check Point alerted Google about the Judy malware and Google swiftly removed the infected apps from Google Play.

How Judy malware works?


“To bypass Bouncer, Google Play’s protection, the hackers create a seemingly benign bridgehead app, meant to establish connection to the victim’s device, and insert it into the app store. Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server” as per Check Point. “The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.”

In addition to the auto clicking of ads by the malware, Judy displays large advertisements which leaves user with no other option but clicking on the ads itself to proceed further.

Now the users should not rely only on the official app stores for security, but should also use advanced security protection in their device capable of detecting the zero day malware and blocking them at right time.

Here we have the list of malicious apps developed by Kiniwini


App namePackage nameUpdate DateMinimum downloadsMaxmum downloads
Fashion Judy: Snow Queen styleair.com.eni.FashionJudy06124.3.17100,000500,000
Animal Judy: Persian cat careair.com.eni.AnimalJudy01314.4.17100,000500,000
Fashion Judy: Pretty rapperair.com.eni.FashionJudy05624.3.1750,000100,000
Fashion Judy: Teacher styleair.com.eni.FashionJudy05724.3.1750,000100,000
Animal Judy: Dragon careair.com.eni.AnimalJudy00914.4.17100,000500,000
Chef Judy: Halloween Cookiesair.com.eni.ChefJudy05810.4.17100,000500,000
Fashion Judy: Wedding Partyair.com.eni.FashionJudy0747.4.1750,000100,000
Animal Judy: Teddy Bear careair.com.eni.AnimalJudy03616.4.175,00010,000
Fashion Judy: Bunny Girl Styleair.com.eni.FashionJudy06224.3.1750,000100,000
Fashion Judy: Frozen Princessair.com.eni.FashionJudy0097.4.1750,000100,000
Chef Judy: Triangular Kimbapair.com.eni.ChefJudy05510.4.1750,000100,000
Chef Judy: Udong Maker Ð Cookair.com.eni.ChefJudy06210.4.1710,00050,000
Fashion Judy: Uniform styleair.com.eni.FashionJudy06724.3.1710,00050,000
Animal Judy: Rabbit careair.com.eni.AnimalJudy00614.4.17100,000500,000
Fashion Judy: Vampire styleair.com.eni.FashionJudy05224.3.17100,000500,000
Animal Judy: Nine-Tailed Foxair.com.eni.AnimalJudy03318.4.17100,000500,000
Chef Judy: Jelly Maker Ð Cookair.com.eni.ChefJudy05910.4.1750,000100,000
Chef Judy: Chicken Makerair.com.eni.ChefJudy05610.4.1750,000100,000
Animal Judy: Sea otter careair.com.eni.AnimalJudy01814.4.17100,000500,000
Animal Judy: Elephant careair.com.eni.AnimalJudy03516.4.175,00010,000
JudyÕs Happy Houseair.com.eni.JudyHappyHouse10.4.17100,000500,000
Chef Judy: Hotdog Maker Ð Cookair.com.eni.ChefJudy03629.3.1750,000100,000
Chef Judy: Birthday Food Makerair.com.eni.ChefJudy06310.4.1750,000100,000
Fashion Judy: Wedding dayair.com.eni.FashionJudy05120.4.17100,000500,000
Fashion Judy: Waitress styleair.com.eni.FashionJudy05824.3.1710,00050,000
Chef Judy: Character Lunchair.com.eni.ChefJudy05710.4.17100,000500,000
Chef Judy: Picnic Lunch Makerair.com.eni.ChefJudy03010.4.175000001000000
Animal Judy: Rudolph careair.com.eni.AnimalJudy00514.4.17100,000500,000
JudyÕs Hospital:pediatricsair.com.eni.JudyHospitalBaby10.4.17100,000500,000
Fashion Judy: Country styleair.com.eni.FashionJudy06824.3.1710,00050,000
Animal Judy: Feral Cat careair.com.eni.AnimalJudy03416.4.1710,00050,000
Fashion Judy: Twice Styleair.com.eni.FashionJudy07620.4.17100,000500,000
Fashion Judy: Myth Styleair.com.eni.FashionJudy07220.4.1750,000100,000
Animal Judy: Fennec Fox careair.com.eni.AnimalJudy02214.4.17100,000500,000
Animal Judy: Dog careair.com.eni.AnimalJudy00214.4.17100,000500,000
Fashion Judy: Couple Styleair.com.eni.FashionJudy04924.3.17100,000500,000
Animal Judy: Cat careair.com.eni.AnimalJudy00114.4.17100,000500,000
Fashion Judy: Halloween styleair.com.eni.FashionJudy0537.4.17100,000500,000
Fashion Judy: EXO Styleair.com.eni.FashionJudy0757.4.1750,000100,000
Chef Judy: Dalgona Makerair.com.eni.ChefJudy03828.3.17100,000500,000
Chef Judy: ServiceStation Foodair.com.eni.ChefJudy06410.4.171000050000
JudyÕs Spa Salonair.eni.JudySpaSalon10.4.171,000,0005,000,000

Source: “Check Point”

List of apps by other developers


App namePackage nameUpdate DateMinimum downloadsMaxmum downloads
커플디데이 (커플기념일, 위젯)com.CoupleDday2-Apr-17100,000500,000
Dog Music (Relax)com.DogSound29-Jun-1610,00050,000
카카오톡 대화분석기com.kakaotalkchatanalyst.ks25-Feb-161,000,0005,000,000
황금기 알리미 (여성달력)com.PeriodCalendar20-Apr-16100,000500,000
100억 가계부com.MoneyBook2-Apr-17100,000500,000
KatocPic(카톡픽) – 카톡프로필com.lee.katocpic23-Aug-165,00010,000
필수추천 무료어플 77com.appnapps.app775-Feb-171,000,0005,000,000
Spring-It's stylish, it's sexycom.sundaybugs.spring.free30-Sep-161,000,0005,000,000
Crafting Guide for Minecraftcom.lx5475.craftingbox24-May-17500,0001,000,000

Source: “Check Point”

Please share this info with your friends by clicking on the share buttons below and also comment if you want to know any information regarding the Judy malware.

Please follow and like us:

Leave a Reply

Subscribe For Latest Updates

Just provide your Email address and get all the amazing gadget information in your mailbox