Reported by cyber security company CheckPoint, the Malware called HummingBad installs a rootkit on the smartphones, allowing attackers administrative access.
The access is then used to generate advertising revenue of up to $300,000 per month by forcing the download of apps and ad-clicks. The implications stretch further than that, however, with the group able to sell access to the phones to others, as well as the data contained within them.
CheckPoint warns that this access enables the cybercriminals to create a botnet that can be used to carry out attacks on businesses and government. The malware is said to be most prominent with users running Android KitKat and Jelly Bean.
Though the bulk of the devices affected are in China (1.6 million) and India (1.35 million), US devices have been infected also, with estimates as high as 288,800.
Who is Responsible?
Interestingly, the team responsible is a group of developers inside Yingmob, a multi-million dollar advertising analytics agency. Working in a subsection called the ‘Development Team for Overseas Platform’, they number at 25 employees with four separate groups.
This isn’t the first time Yingmob have come under fire, thought to be associated with an iOS targeted malware named Yispecter. The malware was one of the first to target un-jailbroken iPhones, spreading itself by hijacking traffic from ISP’s and a worm on the Windows platform.
CheckPoint notes that the methods for HummingBad vary, primarily using malicious websites to infect the phone and force download apps. This could be why the malware has had such a global, widespread reach.
It’s unclear what repercussions there will be for the company, and neither they or Google have released a statement on the matter.