10 Million Android Devices Infected With Chinese Malware: Report

July 6, 2016 Updated: October 5, 2018

A Chinese company has infected some 10 million Android devices around the world and exploits them for $300,000 a month.

The company, called Yingmob, is partly a legitimate advertising analytics company. It uses the legitimate business to get access to mobile devices. It then infects the devices with malware, according to a report by Check Point, a cyber security company.

In February, Check Point discovered a malware called HummingBad. The malware makes ads pop up on the screen of an infected device and blocks the user from any other options except for clicking on the ad. It then steals the money that an ad agency pays for the click-through on the ad.

Check Point tracked the malware to the Yingmob offices in Chongqing, southwestern China.

Yingmob’s legitimate business has access to 85 million Android devices. Check Point estimates quarter of them are infected by malicious apps.

Some 10 million devices actually use the malicious apps and Yingmob is able to display 20 million ads through them a day. That translates to about $10,000 ad revenue a day—$300,000 a month.

But the real danger for the consumer is that the malware gives Yingmob control over the device—it can access personal data and even use the devices en masse to launch hacking attacks on websites—both of which can be sold to other cyber criminals.

More than quarter of the affected devices were traced to China and India. Over 280,000 affected devices were in the United States.

Yingmob has also been linked before to malware called YiSpecter, which was discovered last year on Apple iOS devices.

Yingmob has not responded to a request for a comment.

China has been a major source of cyber security threats.

Smartphones from Chinese brands like Huawei, Lenovo, and Xiaomi were found to have a malware installed in them even before they reach customers.

Follow Petr on Twitter: @petrsvab