Cybersecurity firm Check Point mobile has access a group of cybercriminals in China, which has created a malware that takes over Android devices and generates $300,000 per month in fraudulent ad revenue. The cybersecurity firm said it discovered the HummingBad malware in February, and has been tracking it ever since.

Check Point says thathe hackers effectively control an arsenal of over 85 million mobile devices around the world. With the potential to sell access to these devices to the highest bidder, Check Point researchers say similar malware campaigns may become a trend.

The group behind HummingBad is a team of developers at Yingmob, an otherwise legitimate, multimillion dollar advertising analytics agency based in Beijing.

"Yingmob has several teams developing legitimate tracking and ad platforms," the report alleges. "The team responsible for developing the malicious components is the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees."

The malware installs a rootkit onto infected Android devices, giving the cybercriminals admin-level access to smartphones. This access is used to generate fraudulent advertising revenue through the forced downloading of apps and clicking of ads.

The bulk of victims are in China and India, with 1.6 million and 1.35 million cases respectively. The Philippines, Indonesia and Turkey are towards the top of the list, too, while the US has 288,800 infected devices. The UK and Australia each have fewer than 100,000 devices affected.