Thanks to the "largest malware campaign found on Google Play," according to security firm Check Point, up to 36.5 million Android devices have been infected by malware found in 41 different apps.
All 41 apps were from Korea-based developer Kiniwini and were on Google Play under the name ENISTUDIO Corp, and have since been removed from the Play Store. But according to Check Point, the games still "reached an astonishing spread between 4.5 million and 18.5 million downloads."
Dubbed "Judy" by Check Point, based on the titular character of Kiniwini's games, the malware produced fake advertising clicks that then resulted in revenue for its developers.
"It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown," said Check Point, but that still means that "the total spread of the malware may have reached between 8.5 and 36.5 million users."