Guerilla Malware: Malware attacks are not new. Cyber criminals often target people and infect their smart devices, such as phones, laptops or desktops, with malware to steal their data.
The data is later sold on the black market or used to initiate other malicious activities. While the cyber cell and tech companies continuously try to trace these online criminals and release security updates regularly, it is still not possible for them to scan the entire, growing web of these criminals.
In a recent shocking report, a cybercrime organisation called the Lemon Group has been revealed to have allegedly installed malware called “Guerilla” on nearly 9 million (8.9 million, to be exact) Android devices worldwide. The malware infects Android devices including smartphones, watches, TVs, and TV boxes. The latest report by Trend Micro, a Japanese multinational cyber security software company, claims that the malware has put the accounts and personal data of Android users at risk.
It reveals that scammers are using this pre-installed malware to perform various malicious activities, such as loading additional payloads, intercepting one-time passwords from SMS, setting up a reverse proxy from the infected device, hijacking WhatsApp sessions, and more.
In a recent blog post, the company further stated that the infected devices are spreading worldwide, with the threat actor having control over devices in over 180 countries. The top 10 countries most affected by this are the US, Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, Philippines, and Argentina.
What is Lemon Group
According to the report, Lemon Group is a large and sophisticated cybercrime organisation that has been operating for several years. Trend Micro says it first became aware of the Lemon Group in February 2022. The group allegedly changed its name to “Durian Cloud SMS” shortly afterwards, but its servers remain the same and intact.
“Through our monitoring, we have detected over 490,000 mobile numbers used for OTP requests of Lemon SMS and, later, Durian SMS service. The customers of Lemon SMS PVA generate OTPs from platforms like JingDong, WhatsApp, Facebook, QQ, Line, and Tinder, among other applications,” reads the official blog post.
Guerilla Malware is infecting Android devices
The report reveals that the Lemon Group has installed Guerilla malware and other types of malware tools to attack victims. While Trend Micro has not provided further details on how the Lemon Group infects devices, it has found that the malware is often pre-installed on devices that have been re-flashed with a new ROM.
Notably, the Guerilla malware can load additional plugins that carry out specific tasks, such as:
SMS plugin: This plugin is made to steal the one-time passwords sent via SMS for WhatsApp, JingDong, and Facebook.
Proxy plugin and proxy seller: With this plugin, attackers can use the victim’s network resources by setting up a reverse proxy from the infected phone.
Cookie plugin/WhatsApp plugin/Send plugin and promotion platform: The Cookie plugin extracts Facebook cookies and sends them to a central server. The compromised device can then be used to take control of WhatsApp sessions and send unwanted messages.
Splash plugin: This plugin displays intrusive ads while users are using legitimate apps.
Silent Plugin: This tool silently installs additional apps or removes existing ones based on instructions from a central server. The process happens in the background without the user noticing.
How to protect Android devices from malware
The Lemon Group is a serious threat to Android users. It is important to be aware of the risks and to take steps to protect your device from being hacked or exposed to cyber scammers. Here are some tips to help protect your Android device from Guerilla malware:
Download apps from trusted sources: Use the Google Play Store on Android and the Apple App Store on iPhone. Third-party app stores can contain malware-infected apps that steal your personal information or financial data.
Read app permissions: When you install an app, it asks for certain permissions. These permissions allow the app to access features of your device, such as your contacts, photos, and location. Carefully review the permissions an app requests before you grant them. Sometimes these apps request access to content, data, your location or other resources that we often ignore.
Keep your software up to date: Companies like Google and Apple regularly release updates for their platforms and app stores. Software updates include security patches that help protect your device from malware. Install software updates as soon as they are available.
Scan your device for malware: A trusted security app can scan your device for malware and remove any infections it finds.
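Because Guerilla ships inside a re-flashed ROM rather than arriving through an app store, the permission review above is most useful when applied to what is actually installed, including system packages. The script below is an added example, not code from the article or from Trend Micro: it parses constructed text in the format of `adb shell pm list packages -i` and `adb shell dumpsys package <pkg>` and lists every package that holds a granted SMS permission but was not installed by the Play Store, which is exactly the profile of the SMS OTP-stealing plugin described earlier. Package names and dump excerpts are invented for the example; on a real device you would feed in the live adb output.

```python
import re
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
PLAY_STORE = "com.android.vending"

# Constructed sample in the format of `adb shell pm list packages -i`.
PM_OUTPUT = """\
package:com.android.messaging  installer=null
package:com.example.otpbank  installer=com.android.vending
package:com.vendor.sysupdate  installer=null
"""
# Constructed excerpts in the format of `adb shell dumpsys package <pkg>`.
DUMPS = {
    "com.android.messaging": """\
    pkgFlags=[ SYSTEM HAS_CODE ]
      android.permission.RECEIVE_SMS: granted=true
      android.permission.READ_SMS: granted=true
""",
    "com.example.otpbank": """\
    pkgFlags=[ HAS_CODE ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
""",
    "com.vendor.sysupdate": """\
    pkgFlags=[ SYSTEM HAS_CODE ]
      android.permission.RECEIVE_SMS: granted=true
""",
}

def parse_installers(pm_output: str) -> dict:
    """Map package name -> installer from `pm list packages -i` output."""
    pat = re.compile(r"package:(\S+)\s+installer=(\S+)")
    return {m.group(1): m.group(2) for m in pat.finditer(pm_output)}

def granted_sms_perms(dump: str) -> list:
    """SMS permissions that dumpsys reports as granted=true."""
    pat = re.compile(r"(android\.permission\.\w+): granted=true")
    return sorted({m.group(1) for m in pat.finditer(dump) if m.group(1) in SMS_PERMS})

def is_system_app(dump: str) -> bool:
    # SYSTEM in pkgFlags means the package shipped with the firmware image.
    m = re.search(r"pkgFlags=\[([^\]]*)\]", dump)
    return bool(m and "SYSTEM" in m.group(1).split())

def review_sms_readers(pm_output: str, dumps: dict) -> list:
    """Packages that can read SMS and were not installed by the Play Store."""
    installers, findings = parse_installers(pm_output), []
    for pkg, dump in sorted(dumps.items()):
        perms, src = granted_sms_perms(dump), installers.get(pkg, "null")
        if perms and src != PLAY_STORE:
            findings.append({"package": pkg, "installer": src,
                             "system": is_system_app(dump), "perms": perms})
    return findings
```

The stock messaging app will appear in the findings too; the point is to review each listed system package against what the vendor firmware is expected to contain.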
Signs that your device is infected with malware
Some of the signs of a malware infection include unusual battery drain, pop-up ads, unexplained changes to your device settings, and more. If you notice any of these signs, scan your device for malware.