Up to 10 million Android smartphones could have been infected by a malware called HummingBad that spies on the browsing habits of smartphone users and generates fake clicks for adverts according to a new report from security companies Checkpoint and Lookout.
The malware installs itself deep inside a phone’s operating system to avoid detection and gives its creators complete control over the handset, according to the security companies.
It can then installs apps on a user’s device and spy on their browsing habits, as well as generating fake clicks for online adverts. By doing this, the malware is reportedly making around $300,000 (£232,000) a month for its creators.
Checkpoint said in a blog post that it had obtained access to the command-and-control servers that oversee infected phones and this revealed that HummingBad has now managed to infect around 10 million devices.
The sudden spike in phones infected by the malware is a result of its creators adding more functions to the malware or finding new ways to distribute it, Lookout wrote in a blog post. Worryingly, the security company also said that even after a factory reset, the malware "can remain persistent."
The majority of phone that have been infected by the malicious software are located in China, India, Indonesia and the Philippines.