Android smartphones from various manufacturers have reportedly been found to be infected with malware out-of-the-box, affecting users from multiple countries including India, Indonesia, Mexico, Thailand, Russia, and the US. The software can compromise the affected user’s privacy and lead to a poor user experience due to excessive battery usage. The Guerrilla malware can also update itself and implant additional software on the victim’s phone to collect personal data and inject ads into regular apps, according to security researchers.
Security firm Trend Micro recently reported that around 8.9 million Android phones were infected with the Guerrilla malware, adding that handsets from over 50 manufacturers were affected. The research was presented at the recently concluded Black Hat Asia 2023 security conference. The malware operator behind the Guerrilla malware reportedly has similarities with the Triada malware that was detected on phones in 2016.
The malware, which is preinstalled on these phones, can negatively impact a user’s experience including battery drain and use of resources like the phone’s processing power. as per the report. It is worth noting that the security firm has not mentioned any of the manufacturers or models affected by the malware. The Guerrilla malware was first detected on smartphones in 2018, and the malware was detected on apps downloaded via the Google Play store.
According to details shared by Trend Micro, the Guerrilla malware can install additional malicious software via a command and control (C&C) server controlled by the attacker known as the Lemon Group. These “modules” can collect user data to be sold to advertisers, inject ads to gain revenue, and use up the resources on the victim’s phone. The malware is also capable of controlling popular messaging app WhatsApp, allowing it to send texts for “overseas marketing”, according to the report.
The report states that smartphones from Asia and North America were impacted the most with 55.26 percent and 16.93 percent of all devices affected, respectively. Countries that were most affected by malware are the Angola, Argentina, India, Indonesia, Mexico, Russia, South Africa, Thailand, the Philippines, and the US.
While Trend Micro says that its investigation was aimed at smartphones, other IoT devices like Android TV and smart TV boxes, entertainment systems, and Android-based watches for children have also been infected by the Lemon Group. The security firm estimates that the malicious software has been spread to smartphones in several countries over a period of five years, likely translating to a significant profit for the Lemon Group behind the malware.