If you’re an Android user and you most probably are, read this article very carefully as you may be one of the over 85 million Android users world-wide infected with HummingBad malware by a Chinese Ad firm. The firm is called Yingmob and it has been found to control tens of millions of Android running devices all around the world, thus getting more than $300,000 per month in ad revenue (fraudulent, obviously).

According to Check Point, a  cyber-security company, the  black hat hackers behind Yingmob managed to spread their Android malware globally on a massive scale and they also seem to own  Yispecter iOS Malware, meaning that Apple users are also targeted or future targets (Yispecter and HummingBad share the same command and control server addresses). Yingmob was tracked down to Chongqing (that’s mainland China) and they are marketing their services as an Advertising company, claiming to offer their clients ads support, such as video ads, texts or pics, but without compromising user experience, i.e. easy to deploy ad-support.

Yingmob’s service offers in app , side bar and pop-up ads, but according to Check Point’s internet-security researchers, the Chinese firm is also responsible for 2 huge waves of malware, HummingBad for droids and Yispecter for Apple/iOS running devices respectively. According to Check Point, Yingomb poses as a respectable ad-analytics company with 25 employees, very well organized in four distinct groups. Yispecter malware for iOS was first discovered last year by Palo Alto Networks, a California based internet security firm, malware which targets both jail-broken and regular iOS running devices. HummingBad works by permitting the injection of ads into compromised droids and when they’re clicked by the “victim”, Yingmob cashes in.

Check Point estimates that over 200 different Android apps are used by Yingmob to spread their malware  using the “drive by download” system, i.e. when you’re visiting a malicious website, you’re downloading an infected app on your smartphone, which then establishes a rootkit and starts producing revenue for its masters. The majority of victims are from China, Taiwan, India and Philippines, but there are hundreds of thousands of infected devices in the US, Russia, Mexico or Turkey as well. However, if you think that’s bad, keep in mind that 2 of China’s largest telecom operators (China Unicom and China Telecom) were caught red-handed in malicious ads-injecting-campaigns just a few months ago.

Source 1, Source 2