You’ve probably never heard of HummingBad, but this Android malware is running on almost 10 million mobile devices around the world. A new report details how one Chinese company is making $300,000 per month by taking over Android devices and creating phony advertising revenue on a massive scale.

Researchers at Check Point first spotted HummingBad in February and traced it back to Chinese firm Yingmob, which runs a legitimate ad and tracking business alongside its alleged malware operation. The company is also associated with iOS malware YiSpecter, which was uncovered last fall and blocked in a subsequent software update from Apple.

The company appears to be even more successful on Android. Its malware is capable of rooting your device to gain control and then installing fraudulent apps. Beyond generating fake clicks to create ad revenue, HummingBad can also access private information and business data stored on your smartphone.

The Android malware mostly targets people in China and India, where it’s reportedly compromised 1.6 million and 1.35 million devices, respectively. However, Check Point also found it running on 288,800 Android devices in the U.S., and it’s been spotted everywhere from Russia to South America. HummingBad primarily targets earlier versions of Android, including KitKat and Jelly Bean, with just one percent of affected devices running the current Android Marshmallow OS.

The report warns that other malware makers may be emboldened by Yingmob and its hybrid business model. Google hasn’t commented on HummingBad or issued a fix, but the company clearly needs to keep improving Android security if it wants to keep users safe in the future.