Endpoint/Device Security, Application security, Threat Management

Millions of Android devices pre-installed with Guerilla malware

BleepingComputer reports that nearly 9 million Android smartphones, TVs, TV boxes, and watches across 180 countries have been pre-infected by the Lemon Group cybercrime operation with the Guerilla malware, which could facilitate additional payload delivery, reverse proxy creation, and WhatsApp session takeovers. Most of the impacted devices were found in the U.S., Mexico, Russia, Indonesia, and Thailand, according to a Trend Micro report presented at the BlackHat Asia conference. Initial malware loaders have been deployed by Lemon Group, which has been using infrastructure overlapping with the Triada banking trojan, to infect more than 50 ROMs across various Android device vendors. Researchers also discovered that Guerilla malware has a main plugin featuring other plugins for obtaining one-time passwords, establishing a reverse proxy, showing unwanted apps, and installing more APKs. "The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud," said Trend Micro.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.