Over 36.5 million Android devices may have been infected with a newly discovered piece of malware that generated fraudulent ad revenue for its creators. The malicious code was spotted in in 41 apps developed by a Korean company named Kiniwini and registered on Google Play as ENISTUDIO Corp., which produces a series of casual cooking and fashion games under the “Judy” brand.
According to CheckPoint Security, most of these apps have been on the Play Store for a long time but they were all recently updated so it’s unclear as to when the malicious code was added. In order to circumvent Google Play’s Protection, the hackers only downloaded the actual malicious payload after the app had been installed by connecting to a C&C server (Command and Control).
This includes JavaScript code, a user-agent string and URLs controlled by the malware authors. Once a connection is established, the malware opens said URLs in the background and starts generating clicks. Although this is potentially the most widely-spread malware yet found on Google Play, it isn’t the first nor the most damaging. CheckPoint says it did not find any evidence of compromised user data.
Google has removed the apps after being notified by CheckPoint but you can find the complete list of the affected apps here, and of course, if any of them are on your phone you should uninstall right away.