Google has removed 41 Android apps from the official Play Store. The apps were infected with a new type of malware named Judy, and experts estimate the malware infected between 8.5 and 36.5 million users.
According to researchers from Check Point, the apps were available on the Play Store for years, but were clean and virus-free for most of that time. It appears that, starting in April 2016, the apps were slowly updated with malicious code.
According to Check Point, almost all of the malicious apps were made by a South Korean company called Kiniwini, which is registered on the Google Play Store as ENISTUDIO corp. It is unclear whether the company added the malicious code itself, or whether its servers were compromised and the code was added by a third party.
Furthermore, besides the hidden ad-clicking activity, the operators of the Judy malware used it to insert intrusive ads in other apps, almost to the point where users could no longer view or interact with the original app's content. A list of apps infected with the Judy Android malware is available here.
Despite apps going through periodic reviews, Google's Play Store security system, named Bouncer, wasn't able to pick up the malware's malicious activity. Nonetheless, help is coming!
On May 17, during the Google I/O annual event, Google announced a new service called Google Play Protect.
According to Google, this new service continuously scans all Android apps and user devices for malicious behavior and uses machine learning to detect any suspicious activity. Once it detects a malicious app, it removes it from the phones of all users who installed it.
The new Google Play Protect service suite is currently shipping to all devices with the Google Play app installed.