10 million Android phones infected by all-powerful auto-rooting apps (Ars Technica)

Ars Technica reports on the "HummingBad" malware that has infected millions of Android devices: "Researchers from security firm Check Point Software said the malware installs more than 50,000 fraudulent apps each day, displays 20 million malicious advertisements, and generates more than $300,000 per month in revenue. The success is largely the result of the malware's ability to silently root a large percentage of the phones it infects by exploiting vulnerabilities that remain unfixed in older versions of Android." The article is based on a report [PDF] from Check Point, though the article notes that "researchers from mobile security company Lookout say HummingBad is in fact Shedun, a family of auto-rooting malware that came to light last November and had already infected a large number of devices".