Android WARNING

        Android WARNING: Millions of           smartphones infected by malware     are you affected?

MILLIONS of Android devices may have been infected by malware from dozens of apps on the Google Play store.

Android owners have been alerted over fears 36.5million devices may have been infected by malware from apps on the Google Play store.

The Judy malware campaign produced fake advertising clicks in order to generate revenues for those behind it, according to the security firm Check Point.

Experts fear some 41 malicious apps which were downloaded up to 18.5m times from the Google Play store have spread the malware.

The apps have been removed from the Google Play store after Check Point informed the tech giant about the threat.

Millions of Android devices may have been infected by malware found in apps on Google Play

The biggest cyber-attacks, hacks and data breaches

Speaking about the Judy malware, Check Point said: "Some of the apps we discovered resided on Google Play for several years, but all were recently updated. 

“It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.”

Researchers also found several apps containing Judy malware developed by other developers on Google Play.

Check Point added: "The connection between the two campaigns remains unclear, and it is possible that one borrowed code from the other, knowingly or unknowingly.”

The security firm said the oldest app in the second campaign from other developers was last updated on April 2016.

They said this means the "malicious code hid for a long time on the Play store undetected."

Check Point added that the Judy malware campaign is "possibly the largest malware campaign found on Google Play.”

Describing how it works, Check Point said: "Once a user downloads a malicious app, it silently registers receivers which establish a connection with the [Command and Control] server.

"The server replies with the actual malicious payload, which includes JavaScript code, a user-agent string and URLs controlled by the malware author. 

“The malware opens the URLs using the user agent that imitates a PC browser in a hidden webpage and receives a redirection to another website. 

“Once the targeted website is launched, the malware uses the JavaScript code to locate and click on banners from the Google ads infrastructure."  

The malware has been named 'Judy' after the cutesy character ‘Judy the chef’ who appears in most of the affected apps.

The apps also are available to download from the Apple iPhone's App Store. However, Check Point did not refer to iOS devices when discussing the gadgets affected by the malware campaign.

The news comes weeks after the WannaCry ransomware cyber attack hit the NHS and users in 150 countries.

The malicious software is used by hackers to block access to a computer system until a ransom is paid.

WannaCry locks the data on a computer system and leaves the user with two files: instructions on what to do and the Wanna Decryptor programme.

Victims are warned that their files will be deleted within days.