Outed China ad firm infects 10m Androids, makes $300k a month

Net scum behind the Hummingbird Android malware are raking in a mind-boggling US$300,000 (£233,125, A$404,261) a month through illegitimate advertising and app downloads from a whopping 10 million infected devices. The offending group, known as Yingmob, is an offshoot of a legitimate Chinese advertising analytics firm with …

  1. Magani

    Steel Cojones?

    Bunch of bar stewards, however, I note they're situated next door to the local Cop Shop which shows a certain level of chutzpah.

    1. Voland's right hand

      Re: Steel Cojones?

      Or a certain level of involvement. At least in China.

  2. This post has been deleted by its author

  3. Anonymous Coward

    Details please

    What markets are affected? How does this stuff get on the handset? What device security was disabled to enable it to get there?

    Without these details, this is nothing more than security scare story.

    1. TwistUrCapBack

      Re: Details please

      "What markets are affected? "

      It's safe to say all of them except (maybe including) the official play store.

      "How does this stuff get on the handset?"

      People download it.

      "What device security was disabled to enable it to get there?"

      Users must have clicked the option to "allow install from unknown sources"

  4. allthecoolshortnamesweretaken

    USD 300,000.00 = EUR 269,371.50 *

    USD 300,000.00 = GBP 225,832.50 *

    * Interbank rate 2016-07-04

    1. Anonymous Coward

      USD 300,000.00 = GBP 225,832.50 *

      * Interbank rate 2016-07-04

      Give it a couple of months and the interbank rate will be the same exchange rate as most US tech firms use anyway:

      USD 300,000.00 = GBP 300,000.00

      Not that that is wholly a bad thing unless you were planning a holiday in Disneyland Florida. I suppose there's always Disneyland Paris......

  5. AndyS

    Android versions?

    "...the horribly outdated KitKat version 4.4 operating system... the significantly more-secure JellyBean version 5.x operating system"

    Some mistake? JellyBean is pretty old these days, older than KitKat - isn't 5.x Lollipop?

    1. Reghack Pauli

      Re: Android versions?

      You're quite right, I've mixed up my candies, my mistake. Does Jellybean even function anymore?

      1. AndyS

        Re: Android versions?

        My wife still has a "backup" phone that runs Honeycomb, which still works as far as I know. Although it's not been turned on for a while now.

    2. Anonymous Coward

      Re: Android versions?

      Came here to point that out too. The author definitely must be talking about Lollipop 5.x, as JellyBean is significantly less secure than KitKat and pretty outdated at this point. Also no such thing as JellyBean 5.x, I believe the number for Jelly Bean is 4.1.2.

  6. tsf

    Doesn't seem like a good advertising business model to me

    Is it just me or does this seem like a horribly expensive way to advertise, leave alone the morality hole the advertisers live in.

    If they are generating $300,000/month less the $10,000 in store fraudulent downloads, generating $290,000/month from 10 million infected devices, this equates to 34.8 cents from every user annually, assuming it doesn't get spotted and fixed.

    So even based on Google's legitimate click through rate of 0.17%, the advertiser would have to generate $205 from the user that actually clicks the ad, from a population in India with an average monthly wage of $302.

    Maybe I've missed something really obvious, but it sounds to me like it's more than just the users who are being fleeced.

    1. Anonymous Coward

      Re: Doesn't seem like a good advertising business model to me

      Not sure where you got your crazy math figures. It says they have 20 million ads displayed daily, which collectively attract 2.5 million clicks. Even if they weren't paid for ad impressions (they are) that would be $4/click not $205. But they aren't getting $4, because they are getting paid something for the 20 million ad impressions a day.

      And India is only one of their markets, so even if a click is only worth less than their average in India it is worth more than their average in the US or other rich western countries.

      1. tsf

        Re: Doesn't seem like a good advertising business model to me

        Actually it says infected devices will display a share of the company's 20 million ads displayed daily, and the 2.5 million clicks is written in such a way to imply it's the total for the whole company, legitimate and otherwise.

        Which admittedly as Google's own figures for DoubleClick indicate a 0.17% click through rate, this is impressive at 2.9%, if this 2.5 million clicks is related to the 85 million devices indicated in the article.

        So to explain the crazy maths in simple terms for you 10 million devices generating $290,000/month in advertising is 2.9 cents per month or 34.8 cents annually for every single device.

        Now I may have been slightly cheeky in using the DoubleClick rate of 0.17%, i.e. one click for every 588 users, or 588 x 34.8 cents = $204.70 annually, wow crazy maths right.

        However whichever maths, crazy or otherwise, you choose to use, $300,000 from 10 million devices is bloody expensive advertising.

  7. Mark 85

    A legitimate ad firm (there's an oxymoron if ever I heard one) with a branch that does malware... and in China... Why doesn't this surprise me? Come to think of it, location wouldn't matter.

    This story ought to be flogged in any advertiser's face when they wonder why we don't trust/like them.

    1. Anonymous Coward

      This story ought to be flogged in any advertiser's face when they wonder why we don't trust/like them.

      I'd suggest they know, and don't care. When you look at the behaviours and reputations of the big beasts in advertising, they appear to be utter ***ts. I'm sure they're bright enough to know that they're as welcome as the four horsemen, but because of the psychopathic need to be ever richer that affects the very rich (note 1) they really don't care what is done, so long as they continue to rack up more wealth than they can ever benefit from. This extends well beyond the realms of advertising, and includes communications, technology, financial dis-services, and anywhere else you find people rich enough not that they don't even know how much their personal wealth adds up to.

      Note 1: I wonder if this particular psychopathy is contagious and that's why every billionaire throws every ounce of their being into making themselves richer? If by some miraculous fluke I became a billionaire, would I too suddenly lose any sense of morality, empathy, and social responsibility?
