Judy malware which affected 36.5 million Android users: the complete list of infected Google Play Store apps

Security researchers from Check Point have unearthed one of the largest malware campaigns to affect Android devices. The malware is named “Judy” after a series of 41 applications developed by a Korean company which had the malware.

Apps from several other developers also had the same malware, and the connection between these apps and the Korean ones is not clear. The malicious code from the applications with the malware could may have been knowingly or unknowingly replicated by third-party developers.

The malware generates clicks on advertisements, which allows the attackers to charge advertisers for the clicks. Judy has to communicate with a command and control server for its operations. The malware had been on applications since 2016. There have been between 4.5 and 18.5 million downloads of the applications, which means anywhere between 8.5 million to 36.5 million users could have been affected by the malware. Google has pulled down the infected applications from the Play Store after being alerted by Check Point.

Check Point has clarified that the malware is not just about aggressive advertising, although the affected applications do display an inordinate number of advertisements.
The Korean company thought to be the source is known as Kiniwini, which is registered in the Android Play Store as ENISTUDIO corp and publishes applications for both Android and iOS. It is unusual for such malware to be associated with a registered entity, according to the researchers. More details on the malware and how it operates can be found in a blog post by Check Point.

In what would be one of the biggest malware stories of our time, the security researchers at Check Point had unearthed an Android malware campaign that could have infected up to 36.5 million Android users to date. The malware called “Judy” has spread or rather had been spreading, undetected over the past year in the form of 41 applications that have been available for download on the Google Play Store.
After being informed by Check Point Google reacted by quickly taking down all of these 41 applications from the Play Store. Unfortunately for Android users, the damage had already been done.

The apps did not come from one developer but several developers who all had the same malware. For now it isn’t clear whether the developers were connected. What Check Point did reveal was that the code could have been replicated by third-party developers adding some more developers to that list.
Judy works by generating clicks on advertisements. This allows hackers to charge advertisers for the clicks, getting them plenty of money in return.

From the Check Point report these applications have been downloaded between 4.5 to 18.5 million times and there is a big chance that users could have been a victim of the Judy malware.
Thanks to Check Point, we now have a long list of apps developed by Korea-based Kiniwini, that happens to be a registered developer on the Google Play Store. Oddly, these also happen to be apps that have received 4 star ratings complete with positive reviews on the Play Store.
If you are a bit confused as to which are of these apps are infected and which are not? A simple solution is to simply uninstall any app with the word “Judy” in it.

App name Date Developer
Fashion Judy: Snow Queen style 24.3.17 Kiniwini
Animal Judy: Persian cat care 14.4.17 Kiniwini
Fashion Judy: Pretty rapper 24.3.17 Kiniwini
Fashion Judy: Teacher style 24.3.17 Kiniwini
Animal Judy: Dragon care 14.4.17 Kiniwini
Chef Judy: Halloween Cookies 10.4.17 Kiniwini
Fashion Judy: Wedding Party 7.4.17 Kiniwini
Animal Judy: Teddy Bear care 16.4.17 Kiniwini
Fashion Judy: Bunny Girl Style 24.3.17 Kiniwini
Fashion Judy: Frozen Princess 7.4.17 Kiniwini
Chef Judy: Triangular Kimbap 10.4.17 Kiniwini
Chef Judy: Udong Maker – Cook 10.4.17 Kiniwini
Fashion Judy: Uniform style 24.3.17 Kiniwini
Animal Judy: Rabbit care 14.4.17 Kiniwini
Fashion Judy: Vampire style 24.3.17 Kiniwini
Animal Judy: Nine-Tailed Fox 18.4.17 Kiniwini
Chef Judy: Jelly Maker – Cook 10.4.17 Kiniwini
Chef Judy: Chicken Maker 10.4.17 Kiniwini
Animal Judy: Sea otter care 14.4.17 Kiniwini
Animal Judy: Elephant care 16.4.17 Kiniwini
Judy’s Happy House 10.4.17 Kiniwini
Chef Judy: Hotdog Maker – Cook 29.3.17 Kiniwini
Chef Judy: Birthday Food Maker 10.4.17 Kiniwini
Fashion Judy: Wedding day 20.4.17 Kiniwini
Fashion Judy: Waitress style 24.3.17 Kiniwini
Chef Judy: Character Lunch 10.4.17 Kiniwini
Chef Judy: Picnic Lunch Maker 10.4.17 Kiniwini
Animal Judy: Rudolph care 14.4.17 Kiniwini
Judy’s Hospital:pediatrics 10.4.17 Kiniwini
Fashion Judy: Country style 24.3.17 Kiniwini
Animal Judy: Feral Cat care 16.4.17 Kiniwini
Fashion Judy: Twice Style 20.4.17 Kiniwini
Fashion Judy: Myth Style 20.4.17 Kiniwini
Animal Judy: Fennec Fox care 14.4.17 Kiniwini
Animal Judy: Dog care 14.4.17 Kiniwini
Fashion Judy: Couple Style 24.3.17 Kiniwini
Animal Judy: Cat care 14.4.17 Kiniwini
Fashion Judy: Halloween style 7.4.17 Kiniwini
Fashion Judy: EXO Style 7.4.17 Kiniwini
Chef Judy: Dalgona Maker 28.3.17 Kiniwini
Chef Judy: ServiceStation Food 10.4.17 Kiniwini
Judy’s Spa Salon 10.4.17 Kiniwini
커플디데이 (커플기념일, 위젯) 2-Apr-17 Neoroid
Dog Music (Relax) 29-Jun-16 Neoroid
카카오톡 대화분석기 25-Feb-16 DeepEnjoy
황금기 알리미 (여성달력) 20-Apr-16 Neoroid
100억 가계부 2-Apr-17 그린 스튜디오
KatocPic(카톡픽) – 카톡프로필 23-Aug-16 Wontime
필수추천 무료어플 77 5-Feb-17 App&Apps
Spring-It’s stylish, it’s sexy 30-Sep-16 Sundaybugs
Crafting Guide for Minecraft 4-May-17 JIZARD