This new threat on Android uses devices to generate clicks fraudulent ads and has been able to be downloaded by up to 18 million users.

Discovered by the researchers of cyber-security Check Point, the malware “Judy” uses devices to generate clicks fraudulent in the ad, providing income to the hackers.

The software autoclicking has been found in 41 different applications created by a Korean developer of mobile apps whose products have been downloaded by up to 18 million users of Android. The malware has affected some of the applications that have been available for many years and are updated regularly.

This adware (malware that affects ads) also it has been discovered in multiple applications created by other developers on Google Play, some of which have not been updated since April of 2016. This suggests that the malicious code could hide in the store without being detected for over a year. The connection between the two campaigns has not been tested, but is it possible for a developer to take the code of the other.

it is Not clear how much time has been circulating the malicious code within this second group of applications, but has been downloaded for up to 18 million users.

This represents the the last threat that introduces malicious applications in the Google Play Store as part of the ongoing battle of Google against malware in Android. The applications of “Judy” might compromise the system of protection Bouncer of Google Play by using techniques similar to other forms of malware that infiltrated successfully in the store of Android, such as FalseGuide and Skinner, because the malicious code is not visible.

researchers have pointed out that it is very difficult to discover the hackers behind malicious applications, which in this case are hijacking users ‘ devices to generate clicks that are fraudulent.

Check Point has been reported to Google about this adware and the affected applications have already been removed from the store.