When it comes to wide-scale malware attacks, China’s consumers are rarely out of the firing line.

Up to 10 million Android devices have been infected with a malware that amasses fake clicks for adverts, according to a report by security firm Check Point. Most of the devices are in China, with large numbers also detected in India, the Philippines and Indonesia.

The malware, dubbed ‘HummingBad’ by Check Point, originated from a group of Chinese cyber criminals that work alongside ad firm Yingmob. The security firm first discovered instances of the malware in February 2016. According to their data cases have spiked in the past month.

Check Point estimates that the group behind the malware are raking in up to $300,000 USD per month in fraudulent ad revenue. “[Proving] cyber criminals can easily become financially self-sufficient.”

HummingBad is a type of malware that can hide undetected within an operating system, allowing the creators to remotely control a device. The group has used the malware to install fake versions of apps, or click on ads to make them seem more popular.

Lookout, a separate security firm which first discovered the same malware in November and has labelled it “Shedun,” says the malware can masquerade as popular apps suck as Facebook and Twitter. In a blog post they attribute the recent 600% rise in cases to “the authors building new functionality or distributing the malware in new ways.”

They also note that a the malware is not removed with a factory reset, and can defeat uninstall attempts.