An anonymous reader shares a Motherboard report: Advertising agencies go to great lengths to spread their clients' messages. Now, researchers have uncovered a new approach: malware. This month, cybersecurity company Check Point reports that a Chinese group called Yingmob has distributed mobile device malware on a massive scale, apparently alongside a legitimate advertising analytics business. Listed as based in Beijing's Chaoyang District, Yingmob, a subsidiary of MIG Unmobi Technology Inc., markets itself like any other advertising firm. Its professional-looking website claims its easy-to-deploy ads support text, pictures, and video, and don't affect the user experience. It offers pop-up, sidebar, and in-app adverts. But Check Point's report claims that part of the company -- the "Development Team for Overseas Platform," which employs a staff of 25 people -- is responsible for malware it has dubbed HummingBad. This malware allows the injection of adverts into victims' devices. Whenever someone clicks on one of these adverts, Yingmob gets paid, just like a typical advertising campaign. The first infection method Check Point came across was a "drive-by-download," whereby Yingmob's malware targets a victim when they visit a malicious website, then proceeds to download malicious apps onto their device. In its analysis, Check Point writes that nearly 10 million people are using malicious Android apps made by Yingmob.