For five months, Check Point researchers had unprecedented access to the inner-workings of Yingmob, the Chinese cyber criminals behind HummingBad, a malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional malicious apps.

Hidden within a legitimate advertising analytics company, Yingmob is highly organized. It controls 85 million devices globally and generates $300,000 per month in fraudulent ad revenue, proving groups like Yingmob can become financially self-sufficient.

Read this report to learn what the investigation uncovered including critical insight about how and why attackers conduct mobile malware campaigns.