Beware of Judy Malware, Checkout Infected Apps on Playstore

Researchers at Check Point, which recently reported malicious subtitles, have now reported a new malware campaign on Google Play. Dubbed 'Judy', the auto-clicking adware was found on 41 apps developed by a Korean company, according to researchers.

The malware used infected devices to generate fraudulent clicks on advertisements for generating revenues. Researchers claim that the 'Judy' malware has affected between 8.5 million and 36.5 million Android devices as the malicious apps saw downloads between 4.5 million and 18.5 million. Notably, Google removed the malicious apps from the Google Play store after Check Point notified it about the threat.
judy malware
"Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown," writes Check Point team talking about the Judy malware.
Researchers also found several apps containing Judy malware developed by other developers on Google Play. Though, any connection between the two malware campaigns couldn't be established. "The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly," adds the team.

Check Point reported that the oldest app in the second campaign from other developers were last updated in April 2016 which means that the "malicious code hid for a long time on the Play store undetected."

Researchers also add that similar to previously reported malicious apps like FalseGuide, Judy also relies on the communication with its Command and Control server (C&C) for its operation.
Check Point last month reported FalseGuide botnet malware which infected millions of Android devices via Google Play, and which was hidden in over 40 guide apps for games in Google Play.

According to a security source, the researchers also uncovered a few more apps, published by other developers on Play Store, inexplicably containing the same the malware in them.
The connection between the two campaigns remains unclear, though researchers believe it is possible that one developer borrowed code from the other, "knowingly or unknowingly."

"It is quite unusual to find an actual organization behind the mobile malware, as most of them are developed by purely malicious actors," CheckPoint researchers say.

Apps available on play store directly do not contain any malicious code that helped apps to bypass Google Bouncer protections.

Once downloaded, the app silently registers user device to a remote command and control server, and in reply, it receives the actual malicious payload containing a JavaScript that starts the actual malicious process.

"The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website," the researchers say. "Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure."

The malicious apps are actual legitimate games, but in the background, they act as a bridge to connect the victim’s device to the adware server.

Once the connection is established, the malicious apps spoof user agents to imitate itself as a desktop browser to open a page and generate clicks.

Here’s a list of malicious apps developed by Kiniwini and if you have any of these installed on your device, remove it immediately:


  1. Fashion Judy: Snow Queen style
  2. Animal Judy: Persian cat care
  3. Fashion Judy: Pretty rapper
  4. Fashion Judy: Teacher style
  5. Animal Judy: Dragon care
  6. Chef Judy: Halloween Cookies
  7. Fashion Judy: Wedding Party
  8. Animal Judy: Teddy Bear care
  9. Fashion Judy: Bunny Girl Style
  10. Fashion Judy: Frozen Princess
  11. Chef Judy: Triangular Kimbap
  12. Chef Judy: Udong Maker – Cook
  13. Fashion Judy: Uniform style
  14. Animal Judy: Rabbit care
  15. Fashion Judy: Vampire style
  16. Animal Judy: Nine-Tailed Fox
  17. Chef Judy: Jelly Maker – Cook
  18. Chef Judy: Chicken Maker
  19. Animal Judy: Sea otter care
  20. Animal Judy: Elephant care
  21. Judy’s Happy House
  22. Chef Judy: Hotdog Maker – Cook
  23. Chef Judy: Birthday Food Maker
  24. Fashion Judy: Wedding day
  25. Fashion Judy: Waitress style
  26. Chef Judy: Character Lunch
  27. Chef Judy: Picnic Lunch Maker
  28. Animal Judy: Rudolph care
  29. Judy’s Hospital: Pediatrics
  30. Fashion Judy: Country style
  31. Animal Judy: Feral Cat care
  32. Fashion Judy: Twice Style
  33. Fashion Judy: Myth Style
  34. Animal Judy: Fennec Fox care
  35. Animal Judy: Dog care
  36. Fashion Judy: Couple Style
  37. Animal Judy: Cat care
  38. Fashion Judy: Halloween style
  39. Fashion Judy: EXO Style
  40. Chef Judy: Dalgona Maker
  41. Chef Judy: ServiceStation Food
  42. Judy’s Spa Salon

At least one of these apps was last updated on Play store in April last year, means the malicious apps were propagating for more than a year.

MUST READ... 8 Ways To Keep Your Smartphone and PC Safe From Virus Attack

Google has now removed all above-mentioned malicious apps from Play Store, but since Google Bouncer is not sufficient to keep bad apps out of the official store, you have to be very careful about downloading apps.


  1. Another recovery from the world of Android.

    But let's not forget that there is another malware more dangerous than RANSOMEWARE.

  2. Thanks for the update wizy

    I clearly noted few of this malware thanks once again

  3. Could you please educate us on the best option on how to run two different Antivirus programs in one system.