Millions of Android devices are in danger of being hacked. Cybersecurity solution provider Check Point Software revealed that a group of cybercriminals are targeting Android devices with the malware HummingBad.

Yingmob, the group behind HummingBad, has been using the malware to access 10 million devices and obtain fraudulent ad revenue. According to Check Point, it has been tracking Yingmob for months, and its findings are alarming. “Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components,” wrote the Check Point Mobile Research team in a blog post.

(Related: Android N hits its fourth preview)

According to Check Point, Yingmob is also behind YiSpecter, an iOS malware. Check Point added that this type of hack is dangerous because it opens up a new stream of revenue for hackers, and while Yingmob is the first known group to have advanced organization and financial self-sufficiency, it won’t be the last group.

“Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate,” the company wrote. “Without the ability to detect and stop suspicious behavior, these millions of Android devices and the data on them remain exposed.”

The company’s full analysis is available here.