Check Point, an Israel based cybersecurity firm, reports that an Android malware named HummingBad is affecting millions of devices around the globe. CNET reports that the majority of victims are from India (1.35 million) and China (1.6 million). The US is not immune to HummingBad, with over 288,800 infected devices.

The way this malware operates is that it tries to root Android devices. According to Check Point, the group manages to root hundreds of devices everyday. Once rooted, the group can create a botnet and carry out targeted attacks on businesses or government agencies.

What’s more worrisome is the fact that the group has close associations with Yingmob, a Beijing (China) based advertising and analytics agency.

According to Check Point, “Yingmob uses HummingBad to control 10 million devices globally and generate $300,000 per month in fraudulent ad revenue. This steady stream of cash, coupled with a focused organizational structure, proves cyber criminals can easily become financially self-sufficient.”

Google said in a statement to CNET that they are aware of this family of malware and have been improving their systems to detect it. However, Android is not the only victim; Apple’s iOS has also been affected by Yingmob malware.