Judy appeared mainly in apps developed by the Korean company Kiniwini, registered on Google Play as ENISTUDIO Corp; however, it was also found in apps from other developers on Google Play, a possible indication that the code was borrowed. It is unclear how long the malicious code existed inside the apps, but one app had not been updated since April 2016 and remained available for download in the Google Play store throughout that time. The total number of users who downloaded one of the malicious apps may be between 8.5 and 36.5 million. After Check Point notified Google of the malicious apps, the apps were removed from the Play store.
- Check Point Software Technologies, LTD. provides a technical analysis of Judy here.