Dubbed as "possibly the largest malware campaign found on Google Play," Check Point researchers have found another widespread campaign in Google's Play app store that has forced Google to remove 41 apps.
The malware-infested apps were downloaded up to 18.5 million times and forced Android users to click on ads. Check Point, a cyber security software company, dubbed the malware "Judy," developed by a Korean company, Kiniwini. The company is registered on Google Play as ENISTUDIO corp.
Check Point said some apps were discovered that had been living on Google Play for several years, but all were recently updated.
Google's technology, developed to keep adware out of the store, was not able to pick up on the malware as it was downloaded after installation. When the code was added to the apps, it would open Web pages in the background through software that imitated a PC browser.
Once the targeted Web site has been launched, the malware uses the JavaScript code to locate and click on banners from the Google ads network.
Upon clicking the ads, the malware author receives payment from the Web site developer, which pays for the illegitimate clicks and traffic.
The JavaScript code locates the targeted ads by searching for iframes which contain ads from Google ads network, according to Check Point analysts.