Guerrilla Malware on Android Devices
No matter how sophisticated the Android system is, it is still prone to malware attacks. Attackers can infect phones, laptops, or desktops with malware. Once a device is infected, they can steal its owner's data.
Even though Google releases security updates regularly, it is not possible to keep up with the increasing number of cybercriminals.
According to the latest report by Trend Micro, Lemon Group, a cybercrime organization, revealed that it has installed malware called Guerrilla on 8.9 million Android devices around the world.
“We identified the malware as Guerrilla and deployed by the threat actor group we named ‘Lemon Group’ based on the URLs of their customer-facing pages (the group has since changed their website URLs after Trend Micro’s first reports on the SMS PVA botnet campaign). We identified the infrastructure of their backend, including the malicious plugins and command and control (C&C) servers, and observed an overlap: the Guerrilla malware’s exchange with that of the Triada operators’ communication and/or network flow. We believe these two groups worked together at some point as we observed some overlap of their C&C server infrastructure.”
The malware has been infecting Android devices, including TV boxes, TVs, watches, and smartphones. It has already obtained the accounts and personal data of Android users.
How did it happen?
The scammers used the malware pre-installed on those devices to perform clandestine activities, like setting up a proxy, hijacking WhatsApp sessions, etc.
The infection is spreading worldwide. The threat actor could control the devices in more than 180 countries, including Mexico, Indonesia, Thailand, Russia, South Africa, India, and the Philippines.
What is Lemon Group?
It is a large cybercrime organization. It has been operating for many years. But Trend Micro only learned about this group in 2022.
The malware can load plugins that carry out specific tasks, like stealing one-time passwords (OTPs) sent through SMS for WhatsApp.
Budget devices are at the top of the list of phones targeted by the malware. This means that Samsung Galaxy phones are in the clear (but can still be targeted).
Protecting Android Devices from Malware
This is a serious threat to Android users. Being aware of the risks lets you take the necessary steps to protect your device from getting infected.
Regularly update your Android operating system and installed apps. Updates often include security patches that address vulnerabilities and protect against known threats.
Stick to official app stores like Google Play Store, as they have security measures in place to identify and remove malicious apps. Avoid downloading apps from third-party sources, as they pose a higher risk of malware infections.
Before installing an app, carefully review the permissions it requests. Be cautious of apps that request excessive or unnecessary permissions. If an app requests permissions that seem unrelated to its functionality, it may be a red flag for potential malware. Exercise caution when downloading or updating apps. Avoid clicking on suspicious links or downloading files from unknown sources, as they may contain malware.
In your device settings, disable the option to install apps from unknown sources. This helps prevent unauthorized app installations.