Despite the several measures taken by Google to combat malicious apps on its Play store, a new malware dubbed as 'Judy' has been detected in over 40 applications, leaving close to 36.5 million Android devices vulnerable to illegal access.
Internet security company Check Point Technology, which detected the malware first, has already informed Google and the search engine wasted no time and pulled off all the 41 malevolent apps from the store.
Also read: WannaCry kill switch under nonstop botnet attack by hackers attempting to reignite ransomware
"The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it," Check Point Mobile research team said in a statement.
Who is behind 'Judy' malware and what does it do?
The 'Judy' malware was reportedly created by Korean company Kiniwini, which is officially registered as the ENISTUDIO corp on Google Play store. It makes apps for Android and Apple's iOS platforms.
On the Play store, ENISTUDIO corp sells several types of games and value-added apps, and is found to have been installed in around 37 million devices. The company, in a bid to generate revenue, has incorporated the bug 'Judy', which works at the backend of the app, without any permission from the users.
"The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure," Check Point Technologies said.
"Upon clicking the ads, the malware author receives payment from the website developer, which pays for the illegitimate clicks and traffic," it added.
'Judy' also displays big banner advertisements on the smart device's screen and forces the user to click on the ad. Most of the infected apps have received positive reviews on Google Play store, but some tech savvy users did find the constant ads popping up on the screen to be suspiciously odd and complained about the issue on the review comment section.
Google has now removed the bug-infested apps from the Play store. It has also started an internal investigation to bring more stringent measures to control malwares and check if there are apps with similar malwares on Play store.