The folks over at security researcher Check Point say they were able to infiltrate a China-based cybercrime ring, and their findings might surprise you.
Check Point researchers gained access to Yingmob, a China-based group of cyber criminals that use malware known as HummingBad to target Android-based devices. Over a five-month period, the researchers discovered that Yingmob compromised 10 million Android devices and generated a whopping $300,000 per month in "fraudulent ad revenue" from those products.
"Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology," the researchers claim. "The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad's malicious components.
"Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate," the researchers said. "For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder."
That might be scary enough, but there's another problem: according to Check Point, affected device owners likely have no idea that their products have been targeted, and there are no tools to root out the malware Yingmob has installed on their products. The devices – and perhaps more importantly, the data – therefore "remain exposed," the researchers say.