The malware called HummingBad has infected over 10 million Android devices, researchers at the security firm Check Point are reporting. Importantly, they now claim to have tracked down where it originates. They first discovered the malware back in February, and they've now traced it to a Chinese advertising firm that doubles as a legitimate company.
Yingmob, the team managing the malware, runs side by side with an advertising and analytics agency, according to the report. It looks like a fairly typical ad company, but its malware generates up to $300,000 a month through fraudulent app installs and ad clicks.
Check Point points to Yingmob as an example of how the worst malware companies are capable of supporting themselves independently. "The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components," says the report.
"Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate," the researchers say. "For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder."