Security research firm Check Point say that a China-based group has used malware known as HummingBad to target and infect 10 million Android devices over five-months. The firm responsible was then able to generate $300,000 USD per month in a ‘fraudulent ad revenue scam’ from those devices.
The fine folks over at Check Point say they infiltrated the Chinese cybercrime ring known as Yingmob. Yingmob had/have been using HummingBad to infect Android devices and use those devices to generate their revenue.
“Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology…The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components.
“Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate,…For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder.”
– Check Point Researchers
While that sounds bad enough, it gets a little worse: according to Check Point, owners of infected devices likely have no idea that their phones have been targets. Making matters worse is the lack of tools able to root out HummingBad once it has been installed.