Guerilla Malware Shipped With Roughly 9 Million Android Devices

Researchers have revealed that millions of Android devices were shipped pre-infected with Guerilla malware. The infected devices include smartphones, smart TVs, and even smartwatches.

Lemon Group Pre-Infected Android Devices With Guerilla Malware

According to a recent report from Trend Micro, its researchers found many Android devices that were delivering severe malware to their users. Investigating the matter uncovered a covert malware campaign in which Android devices were shipped already infected.

As explained, they traced the campaign back to the “Lemon Group”, which re-flashed the target Android devices with new ROMs. Re-flashing a ROM replaces or modifies a device’s firmware, such as a smartphone’s. Done legitimately on a device before it ships, the process lets users run a different OS on that device.

Specifically, Trend Micro found that the Lemon Group had abused this technique, flashing devices with modified ROMs in order to infect them with Guerilla malware.

It remains unclear how the threat actors managed to infect devices before they shipped. However, after receiving numerous reports of Guerilla infections on newly purchased phones, Trend Micro researchers analyzed the devices’ ROM images and found the malware there.

On the infected devices, the malware installs various plugins that provide different capabilities, such as intercepting SMS messages, setting up a reverse proxy from the infected device, hijacking WhatsApp sessions, harvesting Facebook data, and silently installing other apps.

Malware Infected Android Users Globally

Regarding the Lemon Group, Trend Micro explained that it mainly targets big data firms and advertisers, gaining insights into the potential targets it can infect with its malware.

For instance, in a recent campaign, the threat actors infected around 8.9 million Android devices, including smartphones, smartwatches, Android TV boxes, and smart TVs.

These infected devices then affected users in over 180 countries, including the United States, Indonesia, Thailand, India, Argentina, South Africa, Angola, the Philippines, Mexico, and Russia. The researchers identified around 490,000 different mobile numbers associated with OTPs generated for the Lemon Group’s SMS-related activities.

The researchers also presented the details of this campaign, which has apparently been running for the past five years, at the Black Hat Asia conference in May 2023.

Let us know your thoughts in the comments.

1 comment

Doug May 22, 2023 - 7:38 am
I freely admit that I am not well grounded in dealing with software problems, but I feel compelled to ask. Do the manufacturers plan to try to rectify this situation?
