As per the report, a group of cybercriminals in China - Yingmob - created the malware that takes over Android devices and generates USD 300,000 (over Rs 2.02 crore) per month in fraudulent ad revenue. Check Point discovered the malware in February.
The malware, it said, establishes a persistent rootkit on Android devices, generates fraudulent ad revenue and installs additional fraudulent apps.
"Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organised with 25 employees that staff four separate groups responsible for developing HummingBad's malicious components," it said.
"Yingmob uses HummingBad to control 10 million devices globally and generates USD 300,000 per month in fraudulent ad revenue," it said.
More From This Section
An estimated 1.6 million devices in China, 1.35 million in India and 5,20,901 devices in the Philippines have been infected apart from those in countries like the US, Pakistan, Romania, Algeria and Ukraine, the report added.
Using the infected devices, a group can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market, it said.
Interestingly, most of the affected Android devices are running old versions. About 50 per cent of the affected devices run Android KitKat, while 40 per cent had JellyBean running on their smartphones.
About one per cent have the latest Android Marshmallow operating system, the report said.