TheJakartaPost


'Judy' malware may have infected 36.5m Android devices

News Desk (The Jakarta Post)
Jakarta
Wed, May 31, 2017


All 41 apps were from Korea-based developer Kiniwini and were on Google Play under the name ENISTUDIO Corp, and have since been removed from the Play Store. (Shutterstock/File)

Thanks to the “largest malware campaign found on Google Play,” according to security firm Check Point, up to 36.5 million Android devices have been infected by malware found in 41 different apps.

All 41 apps were from Korea-based developer Kiniwini and were on Google Play under the name ENISTUDIO Corp, and have since been removed from the Play Store. But according to Check Point, the games still “reached an astonishing spread between 4.5 million and 18.5 million downloads.”

Dubbed “Judy” by Check Point, based on the titular character of Kiniwini’s games, the malware produced fake advertising clicks that then resulted in revenue for its developers.


“It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown,” said Check Point, but that still means that “the total spread of the malware may have reached between 8.5 and 36.5 million users.”

The post on Check Point’s blog continued, “Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure.” (sul/kes)
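A defender-side check for the behaviour Check Point describes, as an added example that is not from the article or from Check Point: it flags devices inventoried as Android that send web requests with a desktop User-Agent. The inventory, log fields, hosts and package name are constructed, and the `xrw` field assumes the WebView sends the embedding app's package name in the X-Requested-With header.

```python
import re
from collections import defaultdict

# Platform tokens that appear in desktop browser User-Agent strings.
DESKTOP_UA = re.compile(r"Windows NT|Macintosh|X11; Linux x86_64")
# Shape of an Android package name, as a WebView may send in X-Requested-With.
PACKAGE = re.compile(r"^[a-z][a-z0-9_]*(\.[a-z0-9_]+)+$")

# Constructed device inventory (e.g. from MDM): device id -> operating system.
INVENTORY = {"dev-01": "android", "dev-02": "android", "pc-07": "windows"}

# Constructed proxy log records; hosts and the package name are placeholders.
LOGS = [
    {"device": "dev-01", "ua": "Mozilla/5.0 (Linux; Android 7.0; SM-G930F) Chrome/58.0 Mobile",
     "xrw": None, "host": "news.example"},
    {"device": "dev-02", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0",
     "xrw": "com.example.game", "host": "landing.example"},
    {"device": "dev-02", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0",
     "xrw": "com.example.game", "host": "ads.example"},
    {"device": "pc-07", "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0",
     "xrw": None, "host": "ads.example"},
]

def is_mismatch(record, inventory):
    """True when an inventoried Android device presents a desktop User-Agent."""
    if inventory.get(record["device"]) != "android":
        return False
    ua = record["ua"]
    return "Android" not in ua and bool(DESKTOP_UA.search(ua))

def summarize(logs, inventory):
    """Group mismatching requests per device, with the apps and hosts involved."""
    out = defaultdict(lambda: {"requests": 0, "apps": set(), "hosts": set()})
    for rec in logs:
        if not is_mismatch(rec, inventory):
            continue
        entry = out[rec["device"]]
        entry["requests"] += 1
        entry["hosts"].add(rec["host"])
        # A package-shaped X-Requested-With value points at the embedding app.
        if rec["xrw"] and PACKAGE.match(rec["xrw"]):
            entry["apps"].add(rec["xrw"])
    return dict(out)

if __name__ == "__main__":
    for device, info in summarize(LOGS, INVENTORY).items():
        print(device, info["requests"], sorted(info["apps"]), sorted(info["hosts"]))
```

A user who deliberately enables "desktop site" in a mobile browser produces the same mismatch, so the package name and the destination hosts are what separate a hidden in-app webpage from ordinary browsing.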
