Every day there’s a new piece of Android malware that ends up affecting millions of devices, and this time it’s the Judy malware. Discovered by researchers at Check Point, it is potentially one of the most widely spread pieces of Android malware we’ve ever seen. Researchers believe that 36.5 million Android devices may have already been infected.

A malicious Judy app.

According to Check Point, the malware, which is designed to generate ad revenue, was found lurking in 41 separate apps on the Google Play Store. Notably, some of the malicious apps have been available for download for years, though it is unclear whether the malware was always present or was inserted later via a software update.

“The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it,” the security report reads.

“Once a user downloads a malicious app, it silently registers receivers which establish a connection with the C&C server. The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure,” Check Point further explains.
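The behaviour Check Point describes, a phone loading ad pages under a PC browser's user agent, leaves a mismatch that a web proxy can see. The following detection sketch is an added example, not code from the report. The log format, device ids, `.example` hosts, `AD_HOSTS` list and `min_hits` threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log (not from the report): time, device id, "user agent", URL.
SAMPLE_LOG = '''\
2017-05-29T10:00:01 dev-17 "Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-G920F)" http://cdn.game.example/a.zip
2017-05-29T10:00:05 dev-17 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0" http://landing.example/r?id=1
2017-05-29T10:00:06 dev-17 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0" http://click.ads.example/c?b=1
2017-05-29T10:00:09 dev-17 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0" http://click.ads.example/c?b=2
2017-05-29T10:00:12 dev-17 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/58.0" http://click.ads.example/c?b=3
2017-05-29T10:01:00 dev-22 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Safari/603.1" http://click.ads.example/c?b=7
2017-05-29T10:01:02 dev-22 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Safari/603.1" http://click.ads.example/c?b=8
2017-05-29T10:01:04 dev-22 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Safari/603.1" http://click.ads.example/c?b=9
2017-05-29T10:02:00 dev-30 "Mozilla/5.0 (Linux; Android 7.0; Pixel) Chrome/58.0 Mobile" http://news.example/
2017-05-29T10:02:30 dev-30 "Mozilla/5.0 (X11; Linux x86_64) Chrome/58.0" http://click.ads.example/c?b=4
truncated line without fields
'''

LINE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')
DESKTOP = re.compile(r"Windows NT|Macintosh|X11; Linux x86_64")
# Hypothetical ad-click hosts; substitute the hosts your proxy categorises as advertising.
AD_HOSTS = {"click.ads.example"}

def find_ua_mismatch(log_text, ad_hosts=AD_HOSTS, min_hits=3):
    """Return {device: [(time, url), ...]} for devices that identify as Android
    in some requests but hit ad-click hosts with a desktop user agent."""
    android_seen = set()
    desktop_ad_hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed or truncated lines
        ts, device, ua, url = m.groups()
        if "Android" in ua:
            android_seen.add(device)
        elif DESKTOP.search(ua) and (urlsplit(url).hostname or "") in ad_hosts:
            desktop_ad_hits[device].append((ts, url))
    # Require both signals and a minimum volume: one stray desktop-UA request
    # (dev-30) or a genuine desktop machine (dev-22) is not enough.
    return {d: hits for d, hits in desktop_ad_hits.items()
            if d in android_seen and len(hits) >= min_hits}

if __name__ == "__main__":
    for device, hits in find_ua_mismatch(SAMPLE_LOG).items():
        print(device, len(hits), "desktop-UA ad clicks from an Android device")
```

A mobile browser's "request desktop site" mode and laptops tethered through a phone produce the same mismatch, so treat a hit as a reason to review the device's installed apps, not as a verdict.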

Google seems to be aware of the malicious campaign and has removed the offending apps from its online store.

And as for the people behind the malware campaign, all we know so far is that these apps originate from a Korean company that develops apps for both iOS and Android.

> On Check Point