Dozens of Android Apps Infected with Korean Adware

One of the easiest ways to avoid malicious software on Android phones is to install apps only from the Google Play Store. Google vets every program that crosses into its storefront, and the vast majority of them are perfectly safe. (Even if the vast majority of them are also perfectly banal.)

Credit: Kiniwini

(Image credit: Kiniwini)

Still, a clever developer can sneak something dangerous into otherwise innocuous code, and that’s just what Korean game-maker Enistudio Corp., part of a larger Korean company called KiniWini, may have done. "Judy" isn’t only the mascot for the company’s casual games; it’s also the name that security researchers have given to a well-hidden strain of adware that could compromise your phone's performance. If you've got an app from Enistudio, you might want to delete it.

Israeli security firm Check Point investigated what it called "The Judy Malware," although the "malware" label is debatable. While the Judy apps do indeed install shady software on your phone and do so without your knowledge or explicit permission, they don't actually harm your phone, steal your data or compromise your privacy. Rather, the Judy apps are adware — programs that hog your phone’s resources to generate ad-click revenue for dubious paymasters in distant corner of the world.

MORE: Best Android Antivirus Apps

The good news is that Google has already removed the Judy apps from the Play store — all 50 or so of them. While the vast majority of Judy apps were casual games from Enistudio starring the eponymous pink-haired mascot, a handful were finance, music, calendar or fashion apps from other Korean developers.

You can scrutinize Check Point’s blog post for a full listing of the offending apps, but even if you’ve installed one, you don’t have to worry. Simply uninstalling the program will take the adware with it.

Avoiding similar apps in the future may be a more difficult proposition. Check Point explains that some Judy apps had been in the Play Store for years, and up to 18.5 million people may have downloaded the various programs. Most of the apps had positive, organic user reviews.

The adware may have been part of a recent update, or it may have been part of the software since the beginning — Check Point can't tell for sure. (It appears that the malicious code was added to each app after installation.) The episode is a dismaying reminder that while Google Play’s security protocols may be good, they’re not perfect, and even a minor breach can affect millions of users.

The best way to avoid malicious Android apps is to install them only from legitimate sources, such as the Google Play Store, but that would not have helped in this case. An Android antivirus program may have caught the programs’ suspicious behavior — or not, since the programs weren’t technically compromising the phone or the information on it in any way.

The sad truth is that there’s no surefire way to avoid every piece of unwanted software on the internet. Sometimes, all you can do is use common sense, install an antivirus program and hope for the best.

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Android Phones
Google Pixel 9a hands-on.
Pixel 9a’s on-device AI isn’t as good as the Pixel 9 — here’s what’s different
back of Iris Pixel 9a
Google Pixel 9a pre-orders delayed due to 'component quality issue' — here's when you can get one
Pixel 9a vs Pixel 7a side by side composite.
Google Pixel 9a vs. Pixel 7a: Biggest differences explained
Showing the front of a Galaxy S25 Ultra held in hand
One UI 7 will arrive late for US Samsung users — here’s when it’ll launch for you
CAD renders of the Google Pixel 10
Google Pixel 10’s Tensor G5 chipset could be very different — here’s what we know
back of Iris Pixel 9a
Google Pixel 9a launch LIVE: Everything you need to know
Latest in News
Google Pixel 9a hands-on.
Pixel 9a’s on-device AI isn’t as good as the Pixel 9 — here’s what’s different
Siri in iOS 18 on iPhone
Users complain that Siri can’t answer even the most basic questions — here’s what we know
Sony Xperia 1 VI
Sony Xperia 1 VII could get a 200MP main camera to challenge Galaxy S25 Ultra
iPhone 16 next to samsung galaxy watch 7 and bose wireless earbuds on a composite image
Apple's walled garden is crashing down — EU orders iOS to open up to third-party devices
Sourdough Sidekick
Feeding your sourdough starter just got a lot easier with this new smart gadget
Qobuz
Qobuz reveals artist payouts for the first ever — here’s how much it pays artists per stream