{
	"id": "25ddcbe1-f1a4-4dbc-be6b-5d4199b65c74",
	"created_at": "2026-04-06T00:09:58.393571Z",
	"updated_at": "2026-04-10T03:30:33.136448Z",
	"deleted_at": null,
	"sha1_hash": "3ea27edc814d3f9968b47a29861fc15f023fdd75",
	"title": "The Judy Malware: Possibly the largest malware campaign found on Google Play",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 71807,
	"plain_text": "The Judy Malware: Possibly the largest malware campaign found\r\non Google Play\r\nBy bferrite\r\nPublished: 2017-05-25 · Archived: 2026-04-05 21:52:32 UTC\r\nCheck Point researchers discovered another widespread malware campaign on Google Play, Google’s official app\r\nstore. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a\r\nKorean company. The malware uses infected devices to generate large amounts of fraudulent clicks on\r\nadvertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing\r\nspread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play\r\nfor several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps,\r\nhence the actual spread of the malware remains unknown.\r\nWe also found several apps containing the malware, which were developed by other developers on Google Play.\r\nThe connection between the two campaigns remains unclear, and it is possible that one borrowed code from the\r\nother, knowingly or unknowingly. The oldest app of the second campaign was last updated in April 2016, meaning\r\nthat the malicious code hid for a long time on the Play store undetected. These apps also had a large amount of\r\ndownloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and\r\n36.5 million users. Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner,\r\nJudy relies on the communication with its Command and Control server (C\u0026C) for its operation. 
After Check\r\nPoint notified Google about this threat, the apps were swiftly removed from the Play store.\r\nFigure 1: A malicious Judy app on Google Play\r\nHow Judy operates:\r\nTo bypass Bouncer, Google Play’s protection, the hackers create a seemingly benign bridgehead app, meant to\r\nestablish connection to the victim’s device, and insert it into the app store. Once a user downloads a malicious\r\napp, it silently registers receivers which establish a connection with the C\u0026C server. The server replies with the\r\nactual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the\r\nmalware author. The malware opens the URLs using the user agent that imitates a PC browser in a hidden\r\nwebpage and receives a redirection to another website. Once the targeted website is launched, the malware uses\r\nthe JavaScript code to locate and click on banners from the Google ads infrastructure.\r\nUpon clicking the ads, the malware author receives payment from the website developer, which pays for the\r\nillegitimate clicks and traffic.\r\nThe JavaScript code locates the targeted ads by searching for iframes which contain ads from Google ads\r\ninfrastructure, as shown in the image below:\r\nFigure 2: Searching for iframes containing Google ads\r\nhttps://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/\r\nPage 1 of 9\n\nThe fraudulent clicks generate a large revenue for the perpetrators, especially since the malware reached a\r\npresumably wide spread.\r\nWho is behind Judy?\r\nThe malicious apps are all developed by a Korean company named Kiniwini, registered on Google Play as\r\nENISTUDIO corp. The company develops mobile apps for both Android and iOS platforms. It is quite unusual to\r\nfind an actual organization behind mobile malware, as most of them are developed by purely malicious actors. 
It is\r\nimportant to note that the activity conducted by the malware is not borderline advertising, but definitely an\r\nillegitimate use of the users’ mobile devices for generating fraudulent clicks, benefiting the attackers.\r\nIn addition to the clicking activity, Judy displays a large amount of advertisements, which in some cases leave\r\nusers with no option but clicking on the ad itself. Although most apps have positive ratings, some of the users\r\nhave noticed and reported Judy’s suspicious activities, as seen in the images below:\r\nFigure 3: Comments made by suspicious users\r\nAs seen in previous malware, such as DressCode, a high reputation does not necessarily indicate that the app is\r\nsafe for use. Hackers can hide their apps’ real intentions or even manipulate users into leaving positive ratings, in\r\nsome cases unknowingly. Users cannot rely on the official app stores for their safety, and should implement\r\nadvanced security protections capable of detecting and blocking zero-day mobile malware.\r\nAppendix 1 – list of malicious apps developed by Kiniwini\r\nPackage name App name Date Min Max\r\nair.com.eni.FashionJudy061 Fashion Judy: Snow Queen style 24.3.17 100,000 500,000\r\nair.com.eni.AnimalJudy013 Animal Judy: Persian cat care 14.4.17 100,000 500,000\r\nair.com.eni.FashionJudy056 Fashion Judy: Pretty rapper 24.3.17 50,000 100,000\r\nair.com.eni.FashionJudy057 Fashion Judy: Teacher style 24.3.17 50,000 100,000\r\nair.com.eni.AnimalJudy009 Animal Judy: Dragon care 14.4.17 100,000 500,000\r\nair.com.eni.ChefJudy058 Chef Judy: Halloween Cookies 10.4.17 100,000 500,000\r\nair.com.eni.FashionJudy074 Fashion Judy: Wedding Party 7.4.17 50,000 100,000\r\nair.com.eni.AnimalJudy036 Animal Judy: Teddy Bear care 16.4.17 5,000 10,000\r\nair.com.eni.FashionJudy062 Fashion Judy: Bunny Girl Style 24.3.17 50,000 100,000\r\nair.com.eni.FashionJudy009 Fashion Judy: Frozen Princess 7.4.17 50,000 100,000\r\nair.com.eni.ChefJudy055 Chef Judy: Triangular Kimbap 
10.4.17 50,000 100,000\r\nair.com.eni.ChefJudy062 Chef Judy: Udong Maker – Cook 10.4.17 10,000 50,000\r\nair.com.eni.FashionJudy067 Fashion Judy: Uniform style 24.3.17 10,000 50,000\r\nair.com.eni.AnimalJudy006 Animal Judy: Rabbit care 14.4.17 100,000 500,000\r\nair.com.eni.FashionJudy052 Fashion Judy: Vampire style 24.3.17 100,000 500,000\r\nair.com.eni.AnimalJudy033 Animal Judy: Nine-Tailed Fox 18.4.17 100,000 500,000\r\nair.com.eni.ChefJudy059 Chef Judy: Jelly Maker – Cook 10.4.17 50,000 100,000\r\nair.com.eni.ChefJudy056 Chef Judy: Chicken Maker 10.4.17 50,000 100,000\r\nair.com.eni.AnimalJudy018 Animal Judy: Sea otter care 14.4.17 100,000 500,000\r\nair.com.eni.AnimalJudy035 Animal Judy: Elephant care 16.4.17 5,000 10,000\r\nair.com.eni.JudyHappyHouse Judy’s Happy House 10.4.17 100,000 500,000\r\nair.com.eni.ChefJudy036 Chef Judy: Hotdog Maker – Cook 29.3.17 50,000 100,000\r\nair.com.eni.ChefJudy063 Chef Judy: Birthday Food Maker 10.4.17 50,000 100,000\r\nair.com.eni.FashionJudy051 Fashion Judy: Wedding day 20.4.17 100,000 500,000\r\nair.com.eni.FashionJudy058 Fashion Judy: Waitress style 24.3.17 10,000 50,000\r\nair.com.eni.ChefJudy057 Chef Judy: Character Lunch 10.4.17 100,000 500,000\r\nair.com.eni.ChefJudy030 Chef Judy: Picnic Lunch Maker 10.4.17 500,000 1,000,000\r\nair.com.eni.AnimalJudy005 Animal Judy: Rudolph care 14.4.17 100,000 500,000\r\nair.com.eni.JudyHospitalBaby Judy’s Hospital:pediatrics 10.4.17 100,000 500,000\r\nair.com.eni.FashionJudy068 Fashion Judy: Country style 24.3.17 10,000 50,000\r\nair.com.eni.AnimalJudy034 Animal Judy: Feral Cat care 16.4.17 10,000 50,000\r\nair.com.eni.FashionJudy076 Fashion Judy: Twice Style 20.4.17 100,000 500,000\r\nair.com.eni.FashionJudy072 Fashion Judy: Myth Style 20.4.17 50,000 100,000\r\nair.com.eni.AnimalJudy022 Animal Judy: Fennec Fox care 14.4.17 100,000 
500,000\r\nair.com.eni.AnimalJudy002 Animal Judy: Dog care 14.4.17 100,000 500,000\r\nair.com.eni.FashionJudy049 Fashion Judy: Couple Style 24.3.17 100,000 500,000\r\nair.com.eni.AnimalJudy001 Animal Judy: Cat care 14.4.17 100,000 500,000\r\nair.com.eni.FashionJudy053 Fashion Judy: Halloween style 7.4.17 100,000 500,000\r\nair.com.eni.FashionJudy075 Fashion Judy: EXO Style 7.4.17 50,000 100,000\r\nair.com.eni.ChefJudy038 Chef Judy: Dalgona Maker 28.3.17 100,000 500,000\r\nair.com.eni.ChefJudy064 Chef Judy: ServiceStation Food 10.4.17 10,000 50,000\r\nair.eni.JudySpaSalon Judy’s Spa Salon 10.4.17 1,000,000 5,000,000\r\nTotal 4,620,000 18,420,000\r\nAppendix 2 – list of apps developed by other developers\r\nPackage name App name Date Min Max Developer\r\ncom.CoupleDday 커플디데이 (커플 기념일, 위젯) 2-Apr-17 100,000 500,000 Neoroid\r\ncom.DogSound Dog Music (Relax) 29-Jun-16 10,000 50,000 Neoroid\r\ncom.kakaotalkchatanalyst.ks 카카오톡 대화분석기 25-Feb-16 1,000,000 5,000,000 DeepEnjoy\r\ncom.PeriodCalendar 황금기 알리미 (여성달력) 20-Apr-16 100,000 500,000 Neoroid\r\ncom.MoneyBook 100억 가계부 2-Apr-17 100,000 500,000 그린 스튜디오\r\ncom.lee.katocpic KatocPic(카톡픽) – 카톡프로필 23-Aug-16 5,000 10,000 Wontime\r\ncom.appnapps.app77 필수추천 무료어플 77 5-Feb-17 1,000,000 5,000,000 App\u0026Apps\r\ncom.sundaybugs.spring.free Spring-It’s stylish, it’s sexy 30-Sep-16 1,000,000 5,000,000 Sundaybugs\r\ncom.lx5475.craftingbox2 Crafting Guide for Minecraft 4-May-17 500,000 1,000,000 JIZARD\r\nTotal 4,215,000 18,060,000\r\nAppendix 3 – list of 
SHA256\r\nSource: https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/"
	],
	"report_names": [
		"judy-malware-possibly-largest-malware-campaign-found-google-play"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434198,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3ea27edc814d3f9968b47a29861fc15f023fdd75.pdf",
		"text": "https://archive.orkl.eu/3ea27edc814d3f9968b47a29861fc15f023fdd75.txt",
		"img": "https://archive.orkl.eu/3ea27edc814d3f9968b47a29861fc15f023fdd75.jpg"
	}
}