A new report claims 10 million Android smart phones are infected with a new type of malware: HummingBad.
But what is this new program and what does it mean for us?
According to Check Point, the Israeli cyber security software company who exposed it, the malware was designed to simulate or force “clicks” on ads in your smartphone browser. It also can download additional, fraudulent apps.
The virus, which can gain root access to a smartphone, can also and send user data to the highest bidder.
This has helped its creator, Yingmob, rake in hundreds of thousands of dollars in fake ad revenue each month, the report claims.
“This steady stream of cash, coupled with a focused, organizational structure, proves cyber criminals can easily become financially self-sufficient,” a blog post from Check Point reads.
Officials say HummingBad is similar to Yispecter, a type of malware found on Apple devices, also reportedly created by Yingmob.
Google, Android’s parent company, told TIME magazine that officials have “long been aware of this evolving family of malware and we’re constantly improving our systems that detect it.”
“We actively block installations of infected apps to keep users and their information safe.”
The report said the malware started circulating in August 2015 but instances of the spiked dramatically in recent months.
While the majority of affected users are in Asia, there are roughly 280,000 affected devices in the U.S., and even less in Canada.
It targets a phone as a “drive-by download attack,” which means it downloaded when users visited certain websites.
To avoid getting malware like this, experts say users should only download apps from trusted sources – like the Google Play store or Apple’s App Store – and check the permissions and privacy settings for all of the apps they download.
Users should also remember to get the latest operating system update to ensure their phones have the latest security patches.