EXPRESS • GETTY
Millions of Android devices may have been infected by malware found in apps on Google Play
The Judy malware campaign produced fake advertising clicks in order to generate revenues for those behind it, according to the security firm Check Point.
Experts fear some 41 malicious apps which were downloaded up to 18.5m times from the Google Play store have spread the malware.
The apps have been removed from the Google Play store after Check Point informed the tech giant about the threat.
The biggest cyber-attacks, hacks and data breaches Sat, May 13, 2017
From viruses to data breaches, cyber-crime is far from a modern invention – here is Express.co.uk's list of some of the biggest attacks in history.
Getty Images 1 of 15
14 of the biggest cyber-attacks, hacks and data breaches in history
Speaking about the Judy malware, Check Point said: "Some of the apps we discovered resided on Google Play for several years, but all were recently updated.
“It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.”
Researchers also found several apps containing Judy malware developed by other developers on Google Play.
Check Point added: "The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly.”
The security firm said the oldest app in the second campaign from other developers was last updated on April 2016.
They said this means the "malicious code hid for a long time on the Play store undetected."
Get Quotes on Home Insurance
Millions of Android devices could be affected by the malware campaign
An app affected by the Judy malware campaign, according to Check Point
Check Point added that the Judy malware campaign is "possibly the largest malware campaign found on Google Play.”
Describing how it works, Check Point said: "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server.
“The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website.
The malware has been named 'Judy' after the cutesy character ‘Judy the chef’ who appears in most of the affected apps.
Android 7.0 Nougat – Seven of the best features in Google's new operating system Sat, August 20, 2016
Android Nougat boasts a number of new features, including the ability to run two apps side-by-side, better battery life and improved encryption for personal data.
EXPRESS NEWSPAPERS 1 of 7
Nougat boasts a number of new features, including the ability to run two apps side-by-side, better battery life and improved encryption for personal data
Check Point said the 41 Android apps that have spread the malware are developed by Korean company Kiniwini, registered on Google Play as ENISTUDIO corp.
The security firm have also published a list of apps that they say are affected by the Judy malware – and you should check to see if you have downloaded any of them.
The apps also are available to download from the Apple iPhone's App Store. However, Check Point did not refer to iOS devices when discussing the gadgets affected by the malware campaign.
The news comes weeks after the WannaCry ransomware cyber attack hit the NHS and users in 150 countries.
The malicious software is used by hackers to block access to a computer system until a ransom is paid.
WannaCry locks the data on a computer system and leaves the user with two files: instructions on what to do and the Wanna Decryptor programme.
Victims are warned that their files will be deleted within days.