A malware called Judy has been downloaded up to 18 million times, mainly through Google’s Play Store games apps, according to Check Point researchers.
The apps silently register the device to a remote server once downloaded, which sends back malicious ad-click software to generate revenue for the site by clicking on adverts and opening hidden websites.
The malicious code has been found in more than 40 apps from the game Enistudio, created by South Korean developer Kiniwini, as well as several other app developers.
“I do not know how long the malicious versions of the apps have been available, but all the Judy games have been updated since March this year,” said Check Point.
“There are many tools available, and the advantage is that the malware distributor can change them remotely, which makes it difficult for anti-malware software to keep up,” added Andrew Smith, a Senior Lecturer in Networking at the Open University.
The infected apps have now been removed from Google Play Store.
Edited from source by Leah Alger