10 million Android devices have been infected by malware called HummingBad, according to Check Point. The cybersecurity firm said it discovered the malware in February, and has been tracking it ever since.
What makes HummingBad particularly dangerous is the group behind it: a team of developers at Yingmob, an otherwise legitimate, multimillion dollar advertising analytics agency based in Beijing.
“Yingmob has several teams developing legitimate tracking and ad platforms,” the report alleges. “The team responsible for developing the malicious components is the ‘Development Team for Overseas Platform’ which includes four groups with a total of 25 employees.”
The malware installs a piece of software called a rootkit onto infected Android devices, giving the cybercriminals admin-level access to smartphones. This access is used to generate fraudulent advertising revenue — apparently up to $300,000 per month — through the forced downloading of apps and clicking of ads.
But it’s not just fake ad revenue at stake here, as the group is able to sell access to phones or give away information held on them. Check Point estimates that over 85 million smartphones have the group’s apps installed on them, but only up to 25 percent of these include malicious software.
The bulk of victims are in China and India, with 1.6 million and 1.35 million cases respectively. The Philippines, Indonesia and Turkey are towards the top of the list, too, while the US has 288,800 infected devices. The UK and Australia each have fewer than 100,000 devices affected.
Malware has done considerable damage to mobile platforms over the past year. Apple, previously known for being virus and malware-proof, has been hit by multiple attacks, including some perpetrated by the same group behind HummingBad, according to Check Point. Meanwhile, a Russian hacker last month used malware to steal the data of millions of Twitter users.
Neither Yingmob nor Google immediately responded to requests for comment.