An Android-based malware campaign masterminded from China has snared as many as 85 million Android devices and is making the gang behind it an estimated $1m every quarter.
Security software and services company Check Point claimed that it has had its eye on the Yingmob gang for five months, describing it as sophisticated, well-staffed and highly profitable.
Its tool of choice is a piece of malware called HummingBad, and the group works alongside an official advertising analytics company, according to Check Point's From HummingBad to Worse report (PDF).
"HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps," Check Point explained in a blog post.
"Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organised with 25 employees that staff four separate groups responsible for developing HummingBad's malicious components."
The malware has parts that look like the YiSpecter problem that went after Apple users and the iOS landscape and mostly affected people in China. Check Point said that this is no coincidence and that the source is the same, suggesting that the gang is happy to pee on its own doorstep.
"Yingmob uses HummingBad to generate $300,000 a month in fraudulent ad revenue. This steady stream of cash, coupled with a focused organisational structure, proves that cyber criminals can easily become financially self-sufficient," added the firm.
"Emboldened by this independence, Yingmob and groups like it can focus on honing their skills. For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder."
Ultra-high-end all-in-one PCs from HP feature either 24-inch or 27-inch displays
Roomba 'smart' vacuum cleaner company iRobot plans to sell maps of users' homes to Apple, Amazon and Google
'Smart' products spying on their owners and selling the data for profit? Who'd have thought it!
TNT Express still struggling with NotPetya malware - crucial documents remain locked up in borked systems as staff grapple with manual procedures
TNT depots over-flowing with parcels as the company struggles to recover from NotPetya - while Reckitt Benckiser reports 'ongoing' recovery
Full roll-out of Android O expected within weeks