MANILA, Philippines – Researchers have estimated that as many as 85 million devices are infected and controlled by malware released by a Chinese firm to earn fraudulent ad revenue – around $300,000 a month.

The CheckPoint blog explained in a July 1 blogpost that the YingMob group released the HummingBad malware.

YingMob is connected to a legitimate advertising analytics firm, which CheckPoint said shares technology and resources with the malware group.

CheckPoint discovered the malware and has been tracking it since February of this year.

The blog explained HummingBad “establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.”

Because of the rooting capabilities of the malware, the group is able to create a botnet and carry out targeted attacks on businesses or government agencies, or possibly sell access to the botnet to other cybercriminals. This also puts the data on infected devices at risk.

Nearly 10 million users are using the infected applications. Among the top 20 countries, the Philippines appears to be the third most affected country, with 520,901 people using the malware-infected apps. This number is dwarfed by China and India, with 1,606,384 infections and 1,352,772 infections, respectively.

More information on the malware is available on the 24-page report on the YingMob group’s activities. – Rappler.com