In the world of malware, there’s some tricky games afoot. But a new malware called HummingBad is so bad that it’s almost a genius move by its developers.

Chinese ad tracking and business firm Yingmob has a legitimate business informing advertisers of how their efforts are resonating with consumers, especially on mobile devices. So someone at Yingmob had a great idea: “we already have access to these little Android phones, which is how we know if they clicked an ad…what if we write malware that makes it look like they clicked an ad, and then the advertisers will pay us even more?”

humming bad

And that’s what happened. Yingmob unleashed HummingBad on more than ten million Android devices, most of which are owned by users in Asia, although some infected devices have been found in the US, Australia, and Europe. But how did it get there?

The usual suspects come into play. Sideloading content from a third-party app store is always a key gateway, as is clicking on links in emails or on suspicious websites. Getting rid of it, though, is problematic; first you have to figure out that you have it, and so far, the only key indicators are things like an unusual amount of data usage, or apps appearing on your phone that you don’t remember installing. If you do have reason to believe HummingBad is in there, basically just wiping your phone to factory settings and starting over is the only avenue for removal right now.

From there, prevention is the best medicine. Stop downloading and clicking without fully understanding what you’re getting and who provided it. Unfortunately, it can be tempting to think that HummingBad isn’t causing you any real harm since the money is being made off of advertisers, but it does infect the root kit on your device, meaning it can theoretically dump all of your sensitive information into the hands of the creator who wrote it.