Android users are under attack from a malware called Judy that allegedly affected around 36.5 million users. Though many apps were rigged with this bug, one of these was available on the Play Store for more than a year. However, they were dormant and were only discovered recently.
According to Checkpoint , a security firm, the malware Judy attacked most devices in the form of simple fashion and cooking games. The malware went unnoticed because the infected payload was downloaded externally from a non-Google server, after the applications were installed. Once installed, the software used the infected phone to click on certain Google Ads to increase the revenue of the attacker.
The security firm claims that spread of the malware is still not confirmed as the 'Judy' has an extensive list of applications which hasn't entirely been covered in Checkpoint's analysis.
Google Play has taken down most of the concerned applications which were published under a Korean developer Enistudio. However, the malware was also found in a few other applications published under the name of different developers.
Though the app made it to more than 36.5 million android devices, so far there has been no evidence of any data being compromised on the infected devices. There have been previous instances where malwares like these have successfully cleared Google's screening process; one of the downsides of operating on an open operating system.

Source: Business Today