An Android-based malware campaign masterminded from China has snared as many as 85 million Android devices and is making the gang behind it an estimated $1m every quarter.
Security software and services company Check Point claimed that it has had its eye on the Yingmob gang for five months, describing it as sophisticated, well-staffed and highly profitable.
Its tool of choice is a piece of malware called HummingBad, and the group works alongside an official advertising analytics company, according to Check Point's From HummingBad to Worse report (PDF).
"HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps," Check Point explained in a blog post.
"Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organised with 25 employees that staff four separate groups responsible for developing HummingBad's malicious components."
The malware has parts that look like the YiSpecter problem that went after Apple users and the iOS landscape and mostly affected people in China. Check Point said that this is no coincidence and that the source is the same, suggesting that the gang is happy to pee on its own doorstep.
"Yingmob uses HummingBad to generate $300,000 a month in fraudulent ad revenue. This steady stream of cash, coupled with a focused organisational structure, proves that cyber criminals can easily become financially self-sufficient," added the firm.
"Emboldened by this independence, Yingmob and groups like it can focus on honing their skills. For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder."
Scientists believe there could be other hydrides or superhydrides with super conducting properties
Resetting the telemetry circuits and associated boards brought the instrument back to operations mode
Fortnite news and updates: Flaw in Fortnite authentication could have helped attackers steal player login credentials
Attackers could have used Fortnite security flaw to buy in-game currency on players' stored credit cards
New photos show cotton seeds sprouting in sealed container - with other plants expected to sprout within days