Monday, June 16, 2025
HomeMalwareBeware: New Google Play Store Android Malware called “Judy” Infected Around...

Beware: New Google Play Store Android Malware called “Judy” Infected Around 8.5 to 36.5 Million Users

Published on

SIEM as a Service

Follow Us on Google News

A New Android Malware Called “Judy” found in google play store infected 41 Apps which all are created by a Korean company. This “Judy” Malware is an auto-clicking adware which leads to forcing the users to Click the ads.

This Malware performing plenty of fraudulent clicks on advertisements Generated by infected applications for increasing the revenue for Malware Authors.

As per the Estimation is done by Checkpoint, “Judy” Malware Reached Around  8.5 and 36.5 million users around the world.its makes a big issue for users who all are affected by this infection since it has done a huge amount of reach.

- Advertisement - Google News

This Malware was found on 41 apps developed by a Korean company. Playstore Malware like HummingBadFalseGude, Dridex is threatening in a similar way of infection and especially Android users.

“Judy” Malware Downloads Estimated between 4.5 million and 18.5 million Android Users and Few apps are surviving in play store in many years.

Judy Malware in Playstore (Source: checkpoint)

How does Judy work?

A bridgehead app use for establishing a connection into victims Device which has been Bypassed the Play store Protection and inserted into app store.

The C&C server connection will Establish once user a user Downloads a Malicious App.

According to Checkpoint ,The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website.

JavaScript code is used to locate and click on banners from the Google ads infrastructure.so once click the ads then malware authors will receive a payment from the Website Developers.

“Judy” Infected Apps and counts

According to Checkpiont Estimated Downloads of Judy Malware,

Package nameApp nameDateMinMax
air.com.eni.FashionJudy061Fashion Judy: Snow Queen style24.3.17100,000500,000
air.com.eni.AnimalJudy013Animal Judy: Persian cat care14.4.17100,000500,000
air.com.eni.FashionJudy056Fashion Judy: Pretty rapper24.3.1750,000100,000
air.com.eni.FashionJudy057Fashion Judy: Teacher style24.3.1750,000100,000
air.com.eni.AnimalJudy009Animal Judy: Dragon care14.4.17100,000500,000
air.com.eni.ChefJudy058Chef Judy: Halloween Cookies10.4.17100,000500,000
air.com.eni.FashionJudy074Fashion Judy: Wedding Party7.4.1750,000100,000
air.com.eni.AnimalJudy036Animal Judy: Teddy Bear care16.4.175,00010,000
air.com.eni.FashionJudy062Fashion Judy: Bunny Girl Style24.3.1750,000100,000
air.com.eni.FashionJudy009Fashion Judy: Frozen Princess7.4.1750,000100,000
air.com.eni.ChefJudy055Chef Judy: Triangular Kimbap10.4.1750,000100,000
air.com.eni.ChefJudy062Chef Judy: Udong Maker – Cook10.4.1710,00050,000
air.com.eni.FashionJudy067Fashion Judy: Uniform style24.3.1710,00050,000
air.com.eni.AnimalJudy006Animal Judy: Rabbit care14.4.17100,000500,000
air.com.eni.FashionJudy052Fashion Judy: Vampire style24.3.17100,000500,000
air.com.eni.AnimalJudy033Animal Judy: Nine-Tailed Fox18.4.17100,000500,000
air.com.eni.ChefJudy059Chef Judy: Jelly Maker – Cook10.4.1750,000100,000
air.com.eni.ChefJudy056Chef Judy: Chicken Maker10.4.1750,000100,000
air.com.eni.AnimalJudy018Animal Judy: Sea otter care14.4.17100,000500,000
air.com.eni.AnimalJudy035Animal Judy: Elephant care16.4.175,00010,000
air.com.eni.JudyHappyHouseJudy’s Happy House10.4.17100,000500,000
air.com.eni.ChefJudy036Chef Judy: Hotdog Maker – Cook29.3.1750,000100,000
air.com.eni.ChefJudy063Chef Judy: Birthday Food Maker10.4.1750,000100,000
air.com.eni.FashionJudy051Fashion Judy: Wedding day20.4.17100,000500,000
air.com.eni.FashionJudy058Fashion Judy: Waitress style24.3.1710,00050,000
air.com.eni.ChefJudy057Chef Judy: Character Lunch10.4.17100,000500,000
air.com.eni.ChefJudy030Chef Judy: Picnic Lunch Maker10.4.175000001000000
air.com.eni.AnimalJudy005Animal Judy: Rudolph care14.4.17100,000500,000
air.com.eni.JudyHospitalBabyJudy’s Hospital:pediatrics10.4.17100,000500,000
air.com.eni.FashionJudy068Fashion Judy: Country style24.3.1710,00050,000
air.com.eni.AnimalJudy034Animal Judy: Feral Cat care16.4.1710,00050,000
air.com.eni.FashionJudy076Fashion Judy: Twice Style20.4.17100,000500,000
air.com.eni.FashionJudy072Fashion Judy: Myth Style20.4.1750,000100,000
air.com.eni.AnimalJudy022Animal Judy: Fennec Fox care14.4.17100,000500,000
air.com.eni.AnimalJudy002Animal Judy: Dog care14.4.17100,000500,000
air.com.eni.FashionJudy049Fashion Judy: Couple Style24.3.17100,000500,000
air.com.eni.AnimalJudy001Animal Judy: Cat care14.4.17100,000500,000
air.com.eni.FashionJudy053Fashion Judy: Halloween style7.4.17100,000500,000
air.com.eni.FashionJudy075Fashion Judy: EXO Style7.4.1750,000100,000
air.com.eni.ChefJudy038Chef Judy: Dalgona Maker28.3.17100,000500,000
air.com.eni.ChefJudy064Chef Judy: ServiceStation Food10.4.171000050000
air.eni.JudySpaSalonJudy’s Spa Salon10.4.171,000,0005,000,000
Total  4,620,00018,420,000

Also Read:

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware

Recent investigations by Check Point Research have uncovered a sophisticated malware campaign that leverages...

Interpol Dismantles 20,000 Malicious IPs and Domains Tied to 69 Malware Variants

In a landmark global cybercrime crackdown, INTERPOL’s Operation Secure has seen the takedown of...

New Secure Boot Vulnerability Allows Attackers to Install Malware in PC and Server Boot Processes

Security researchers from Binarly have uncovered a major software vulnerability in the Unified Extensible...