The malicious app Judy was developed by a Korean company named Kiniwini, and it went undetected on the Play Store for over a year.