Google’s Play Store seems to have hosted apps containing the newly discovered Judy malware since April of 2016, according to a report from Check Point. The firm found a total of 41 apps from the same Korean company that contained the malware, as well as a few apps created by other entities that inexplicably had the malware in them. All of those apps have since been reported to Google and removed from Google Play, but at least one of the apps had last been updated in April of 2016, meaning that the malware has been lurking on the Play Store for over a year.
The Korean company that put the Judy games on Google Play is known as Kiniwini, and is registered under the name ENISTUDIO corp. on Google Play’s developer listings. A cursory glance at the company’s website makes it seem like just another freemium mobile developer, with games on both iOS and Android. The otherwise unassuming Judy series checks all the normal boxes for a mass-produced freemium game series (fashion, animals, food, and the like), but contains malware that generates fraudulent revenue by using an infected device without the user’s knowledge. The other apps that have the malware come from scattered developers, and most of the apps don’t even have English names, meaning that one would be hard-pressed to find them on most countries’ Play Stores. Along with the Judy series, the list of apps with English names includes Dog Music (Relax), Spring-It’s stylish, it’s sexy, and Crafting Guide for Minecraft. These apps don’t look malicious on the surface, and may even have millions of downloads and good reviews.