Following the global computer attack by WannaCry Malware, android users are under attack from a malware called Judy that allegedly affected around 36.5 million users worldwide. Though many apps were equipped with this bug, available on the Play Store for more than a year, they were dormant and were only discovered recently to become malicious.
Judy malware attacked most devices in the form of simple fashion and cooking games. The malware went unnoticed because the infected payload was downloaded externally from a non-Google server, after the applications were installed. Once installed, the software used the infected phone to click on certain Google Ads to increase the revenue of the malware creators, says security firm Checkpoint.
However, the security firm claims that spread of the malware is still not confirmed as the 'Judy' has an extensive list of applications which hasn't entirely been covered in Checkpoint's analysis.
Google Play has taken down most of the vulnerable applications which were published under a Korean developer Enistudio. However, the malware was also found in a few other applications published under the name of different developers.
Though the app made it to more than 36.5 million android devices, so far there has been no evidence of any data being compromised on the infected devices. There have been previous instances where malwares like these have successfully cleared Google's screening process; one of the downsides of operating on an open operating system.