The infamous July Malware that produces fake ad clicks has been revealed to have potentially affected around 36.5 million Android device owners around the world. According to a security firm, this could be the biggest malware campaign ever on Google Play.
According to Check Point, an IT security provider, 41 apps on Google Play were found engendering "large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it". The culprit was identified as Kiniwini, a software developer firm based in South Korea that goes by the name ENISTUDIO Corp. Check Point stressed out that this incident could be "the largest malware campaign" discovered on the app store.
After being notified of the occurrence, Google immediately ditched said apps from Google Play. However, it was a bit late that the malware had already "reached an astonishing spread between 4.5 million and 18.5 million downloads". As reported, most of these apps had been made available for quite a few years already while some of them have been updated once in a while.
This massive amount of downloads means that the malware could have possibly infected between 8.5 and 36.5 million Android device owners. Although, Check Point noted they cannot determine how long the malicious code was living inside the apps.
The malware got its name from the Kiniwi app Chef Judy: Picnic Lunch Maker, an app that allows the central character named Judy to create delicious food.
Judy Malware has been likened to previous exploits Skinner, FalseGuide, and DressCode. They all hid behind decent to great reviews on Google Play. Considering Google Play cannot protect and screen hundreds and thousands of apps, users are encouraged to take precautionary measures and be wary of the apps to be downloaded.