HummingBad malware from China has invaded at least 10 million Android phones with "rootkit" software that exploits multiple vulnerabilities.
Cybersecurity software maker Check Point has been tracking the malware since February, and reported a sharp spike in mid-May,
CNET reported.
The reported group behind the malware is Yingmob, a multimillion-dollar advertising analytics agency based in Beijing, which develops legitimate tracking and ad platforms.
"The team responsible for developing the malicious components is the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees," Check Point said.
The malware infects phones when users visit websites. A second level of attack tries to trick users with a fake system update notification. The aim is to get full access to the device and generate fraudulent ad revenue through forced ad clicks and app downloads, CNET explained. The malware also puts private information at risk.
Yingmob generates about $300,000 a month in fraudulent ad revenue through its HummingBad malware,
Check Point said in a report.
The malware is spread worldwide, with China and India having the most victims at 1.6 million and 1.35 million, respectively. About 287,000 U.S. Android users have been infected by the malware.
"We’ve long been aware of this evolving family of malware and we’re constantly improving our systems that detect it. We actively block installations of infected apps to keep users and their information safe," Google said,
according to The Guardian.
Experts say a factory reset is the only recourse for those who have been infected with the malware. But taking steps to prevent an attack is better yet.
"The biggest thing I could say is, don't download apps from untrusted stores," Dan Wiley, head of incident response at Check Point,
told CNET in a separate report.
© 2025 Newsmax. All rights reserved.