HummingBad, the latest malware to attack Android, has infected 85 million devices to date, netting its creators a whopping $1 million every quarter. The malicious software was discovered back in February by security firm Check Point.

“HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps,” Check Point explains in a post on its blog.

The malware was created by the Yingmob gang of China, which is said to be sophisticated and well-staffed, according to Check Point. It is so sophisticated, in fact, that it has teamed up with a legitimate advertising analytics company, sharing its resources and technology.

“The group is highly organised with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components,” the report adds.

HummingBad is said to be similar to the YiSpecter malware that was targeted at Apple users in China who own iOS devices. And there’s a reason why they’re similar: Check Point believes both were created by the same gang.

Right now, HummingBad is making its creators around $300,000 a month through fraudulent ad revenue. “This steady stream of cash, coupled with a focused organisational structure, proves that cyber criminals can easily become financially self-sufficient,” adds Check Point.

This kind of success also helps groups like Yingmob become even more powerful. Check Point warns that once so many devices have been infected, Yingmob could pool their resources to create powerful botnets, and create databases of devices to conduct highly targeted attacks.

Perhaps even more worryingly, the gang could even sell access to infected devices to the highest bidder to boost its revenue even further.