More than 85 million Android devices worldwide have been taken over by the Yingmob, a group of China-based cybercriminals who created the HummingBad malware, according to a Check Point report released last week.
HummingBad establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.
If it fails to establish a rootkit, it effectively carpet bombs the target devices with poisoned apps.
HummingBad has been generating revenue of US$300,000 a month, according to Check Point.
The malware runs along with legitimate ad campaigns that Yingmob has produced for its legitimate ad analytics business.