More than 10 million Android devices have been infected by a Chinese malware known as HummingBad, according to Israeli cyber security company Check Point.
The security software manufacturer has been tracking HummingBad since its discovery in February, and recently released a report analyzing the malware’s rise.
The malware was created by a team of developers at Yingmob, a Beijing-based advertising agency that — with the exception of releasing HummingBad out into the world — is an otherwise legitimate company that develops legal tracking and ad software.
“Yingmob uses HummingBad to control 10 million devices globally and generate $300,000 per month in fraudulent ad revenue,” a Check Point spokesperson said in a press release.
HummingBad started out as a “drive-by download attack” malware that infected phones when users visited certain websites, according to CNET.
The malware, once installed, first attempts to gain root access on the device. If that fails, it’s designed to use fake system update notifications to trick users in giving it administrative-level permission.
It then brings Yingmob advertising revenue through forced application downloads and ad clicks, CNET reported.
HummingBad also gives its developers the ability to sell access to phones, and the private information stored on them, Check Point said.
While the majority of phones infected with HummingBud are in China and India — with about 1 million reported cases in each country — the US has roughly a quarter of a million infected Android devices, according to CNBC.
Check Point says that the steady stream of cash coming in from HummingBad is evidence that cyber criminals can become financially self-sufficient.
The cyber security company added that cyber crime groups across the world are honing their skills — and are hoping to take malware in entirely new directions.