Welcome to WebmasterWorld Guest from 184.108.40.206
The apps got past the Play Store's protection system, Google Bouncer, because they do not contain the malicious part of the Judy code.
Once downloaded, the apps silently register the device to a remote server, which responds by sending back the malicious ad-click software to open a hidden website and generate revenue for the site by clicking on the adverts.Google Play Store Apps With Ad Click Malware Downloaded 36.5 Million Times [bbc.co.uk]
...the apps silently register the device to a remote serverOnly if the phone doesn't have Lookout (or some other security feature) installed. Lookout Anti-virus/Malware app blocks unauthorized remote connections. The basic version of Lookout is free.
I wish people came up with a browser or a version of Adware plugin for phones.There have been for quite a while. Just look around your app store. They work on mobile browsers surfing sites with ads, however ads served from apps cannot be removed.
[edited by: smilie at 2:38 pm (utc) on Jun 1, 2017]