Ad fraud is a major issue, and one of the biggest ways the bad actors in the industry commit this type of fraud is by using malware. In most cases, however, it is a third party criminal who uses the malware to make money. The cyber security company Check Point, however, just reported that they found an ad firm in China that is essentially cutting out the middle man. Yingmob is a mid-sized ad firm that has been caught actually distributing malware to boost clicks to their own ads.
Yingmob is based in Beijing and is a subsidiary of MIG Unmobi Technology Inc. They offer mobile focused, easy to use ads in all the standard formats just like dozens of other ad companies around the world. According to the report, however, this company also has a team that works on a project that Yingmob calls HummingBird.
HummingBird is malware that is added to android devices and allows advertisements to be injected onto the users devices. Check Point estimates that there are approximately 10 million people using Android devices that have been infected with this HummingBird malware from Yingmob. Most of them are in China and India, but they also say that hundreds of thousands exist in the US, Mexico, Russia and Turkey as well.
This isn’t just an android problem either, though that side has been better investigated so far. On iOS Yingmob has been linked to YiSpector, which is malware that has been spreading on iOS devices in China and Taiwan for almost a year now according to separate reports. While it has not been confirmed that YiSpector is also by Yingmob, the two pieces of malware have identical command and control server addresses, which strongly links them.
Google has confirmed that they are aware of this situation and that they are looking into ways to improve their system to block the threat, though as of today it is still an ongoing issue. It has been estimated that Yingmob is making $300,000 per month just from ad fraud on the the Android malware.