All 41 apps were from Korea-based developer Kiniwini and were on Google Play under the name ENISTUDIO Corp, and have since been removed from the Play Store. But according to Check Point, the games still "reached an astonishing spread between 4.5 million and 18.5 million downloads.”

Dubbed “Judy” by Check Point, based on the titular character of Kiniwini’s games, the malware produced fake advertising clicks that then resulted in revenue for its developers.

Read also: How ransomware works: QuickTake Q&A

"It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown," said Check Point, but that still means that “the total spread of the malware may have reached between 8.5 and 36.5 million users.”

The post on Check Point’s blog continued, ”Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure." (sul/kes)

Popular

The fragile promise of pluralism, religious freedom in Southeast Asia

Coffee, gold push up inflation to 1.95 percent in April

Power begins to return after outage in Indonesia's Bali island