Absolutely. Although Google says that it regularly scans Play store for malicious apps and threats, it is clear that in this case Google's Bouncer protection has failed. In fact, reports claim that Google has started removing the infected apps from the Play Store. Check Point writes in its blog post, "The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads".
The security company is calling this one of the largest malware campaigns found on Google Play Store. It's probably best to not take high ratings at face value in light of the malware's spread, given that numerous apps in question got positive feedback from several people.
The security firm said the oldest app in the second campaign from other developers was last updated on April 2016.
According to Check Point, nobody noticed the malicious nature of the apps because those malicious effects were taken from a non-Google server after the user installed them.
Maute fighters killed in Marawi
Plumes of black smoke rose in the distance and two air force helicopters could be seen flying over the city centre. The city of Marawi was still largely sealed off Thursday, although automatic gunfire and explosions could be heard.
"Upon clicking the ads, the malware author receives payment from the website developer, which pays for the illegitimate clicks and traffic", it added.
Judy then opens the URLs using the user-agent string that mimics the web browser of the infected system and is used to launch the targeted websites. "The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it". Apart from that, you can only format your device since there is no other way to know.
Moreover, the firm also found several other apps with the same malware, but these were developed by other developers on Google Play. As per reports, to date, Judy has managed to make its way into 36.5 million handsets across the globe by infecting them with malicious ad-click software. While Google says that it has removed any app which contains the malware, you should be very careful while downloading one. The apps themselves seem to be "living" on Google Play Store for a long time now, undetected. They also publish apps for both Android and iOS devices.
The Judy Malware fiasco shows that even Google Play Store tends to pass up a major opportunity for malware on occasion, as it obviously did for this situation.
How can I protect my device from Judy?