Explorer

Beware! Guerilla Malware Pre-Installed In Android Devices By 50 Smartphone Makers

A malware named "Guerilla" has been pre-installed on almost 9 million Android handsets by 50 smartphone makers, smartwatches, TVs and TV boxes by a cybercrime enterprise identified as "Lemon Group".

A malware named "Guerilla" has been pre-installed on almost 9 million Android handsets by 50 smartphone makers, smartwatches, TVs and TV boxes by a cybercrime enterprise identified as "Lemon Group". According to IT security firm Trend Micro, its researchers have discovered the money-making business and monetisation strategies built on top of the pre-infected devices marketed and sold by one of the threat actor groups we named Lemon Group.

What is Lemon Group doing with Guerilla malware

The researchers have also given an overview of how these devices were infected, the malicious plug-ins used, and the groups’ professional relationships.

"While we identified a number of businesses that Lemon Group does for big data, marketing, and advertising companies, the main business involves the utilization of big data: Analyzing massive amounts of data and the corresponding characteristics of manufacturers’ shipments, different advertising content obtained from different users at different times, and the hardware data with detailed software push.

"This allows Lemon Group to monitor customers that can be further infected with other apps to build on, such as focusing on only showing advertisements to app users from certain regions," researchers at Trend Micro said.

Trend Micro's research was recently presented at Black Hat Asia 2023 security conference in Singapore. The malware operator behind the Guerrilla malware reportedly has similarities with the Triada trojan that was detected back in phones in 2016. However, the Triada malware was reportedly implanted into several devices, and in 2019 Google confirmed a case of OEM image being used by third-party vendors without notifying the OEM company.

"Comparing our analyzed number of devices with Lemon Group’s alleged reach of 8.9 million, it’s highly likely that more devices have been preinfected but have not exchanged communication with the C&C server, have not been used or activated by the threat actor, or have yet to be distributed to the targeted country or market," the researchers noted.

"Shortly after our Black Hat presentation, we noted that the page hosting these numbers of their reach was taken down. But noting our detections for this investigation alone, we were able to identify over 50 brands of mobile devices that have been infected by Guerilla malware, and one brand we’ve identified as a 'Copycat' brand of the premiere line of devices from leading mobile device companies. Following our timeline estimates, the threat actor has spread this malware over the last five years. A compromise on any significant critical infrastructure with this infection can likely yield a significant profit for Lemon Group in the long run at the expense of legitimate users."

Top Headlines

OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
BSNL Launches Rs 1.34 Lakh Satellite Phone That Doesn't Need Network, Buying It Isn't Easy
BSNL Launches Rs 1.34 Lakh Satellite Phone That Doesn't Need Network, Buying It Isn't Easy
As Galaxy Unpacked Nears, Samsung CEO TM Roh Pitches Thinner Foldables & More Personal AI
As Galaxy Unpacked Nears, Samsung CEO Pitches Thinner Foldables & More Personal AI
Galaxy Z Fold 8 Leaked Early And Its Passport-Style Design Has People Talking
Galaxy Z Fold 8 Leaked Early And Its Passport-Style Design Has People Talking

Videos

Breaking News: Protests Against Pakistan Government Continue in PoK for 35th Day
Safety Alert: Birthday Banner Falls From Flyover Onto Bike on Thane Highway
Breaking News: Baba Ramdev's Hindu Rashtra Remarks Trigger Political Controversy
Breaking News: Nitesh Rane's Remarks on Aamir Khan's Marriage Spark Political Row
Breaking: Four Teenagers Drown in Yamuna River in Delhi's Alipur

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget