How 9 Million Android Devices Are Exploited for Cybercrime
Lemon Group, a large cybercrime operation, has infected nearly 9 million Android devices worldwide with the Guerilla malware.
Impacted devices include smartphones, TVs, TV boxes, and watches, with the highest concentrations in the U.S., Mexico, Russia, Indonesia, and Thailand.
The malware can fetch and run additional payloads, turn the device into a reverse proxy, and take over WhatsApp sessions.
Lemon Group has used infrastructure overlapping with that of the Triada banking trojan to plant its initial malware loader in more than 50 ROMs shipped by various Android device vendors.
Guerilla's main plugin exposes features such as intercepting one-time passwords sent by SMS, establishing reverse proxies, pushing unwanted apps to the user, and silently installing further APKs.
Infected devices are turned into mobile proxies and used to steal and resell SMS messages, social media and online messaging accounts, and to generate revenue through advertising and click fraud.
The implantation methods may involve supply chain attacks, compromised software, compromised firmware updates, or insider involvement in the manufacturing or distribution chain; in every case the loader arrives already present in the firmware image rather than being installed by the user.
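A practitioner checking whether a device's firmware ships something in this class wants a quick triage: which packages live in a system partition (where a factory-implanted loader would sit) and request SMS permissions without being the device's default SMS app. The script below is an added example, not code from the original article or from any vendor report on Lemon Group. It parses a constructed, abbreviated excerpt shaped like `adb shell dumpsys package` output; the package names are hypothetical and carry no relation to real Guerilla components, and the `sms_default_application` secure setting used to learn the default SMS app is assumed to be present on the target build (it exists on Android 4.4 and later, but verify on the device in hand).

```python
"""Triage preinstalled Android packages for SMS-interception capability.

Added example, not from the original article. Flags packages that live in a
system partition, request SMS permissions, and are not the default SMS app.
All package names below are hypothetical.
"""
import re

SYSTEM_PARTITIONS = ("/system", "/system_ext", "/product", "/vendor", "/odm")
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
}

# Constructed sample shaped like `dumpsys package` output, heavily abbreviated;
# not data from a real device.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.android.messaging] (1a2b3c):
    userId=10020
    codePath=/system/app/Messaging
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.SEND_SMS
  Package [com.example.sysupdate] (4d5e6f):
    userId=10045
    codePath=/system/priv-app/SysUpdate
    requested permissions:
      android.permission.INTERNET
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.RECEIVE_BOOT_COMPLETED
  Package [com.example.weather] (7a8b9c):
    userId=10101
    codePath=/data/app/~~abc==/com.example.weather-xyz==
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS
  Package [com.example.launcher] (0d1e2f):
    userId=10030
    codePath=/product/app/Launcher
    requested permissions:
      android.permission.INTERNET
"""

PKG_RE = re.compile(r"^\s*Package \[(?P<name>[\w.]+)\]")
CODEPATH_RE = re.compile(r"^\s*codePath=(?P<path>\S+)")
PERM_RE = re.compile(r"^\s+(android\.permission\.[A-Z_]+)\s*$")


def parse_packages(dump: str) -> dict:
    """Return {package: {"codePath": str, "permissions": set}} from dumpsys text."""
    packages, current, in_perms = {}, None, False
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group("name")
            packages[current] = {"codePath": "", "permissions": set()}
            in_perms = False
            continue
        if current is None:
            continue
        m = CODEPATH_RE.match(line)
        if m:
            packages[current]["codePath"] = m.group("path")
            continue
        stripped = line.strip()
        if stripped.endswith("permissions:"):
            # Only the "requested permissions:" block lists bare permission names;
            # "install permissions:" lines carry "granted=..." and are skipped.
            in_perms = stripped == "requested permissions:"
            continue
        m = PERM_RE.match(line)
        if m and in_perms:
            packages[current]["permissions"].add(m.group(1))
    return packages


def is_system_path(path: str) -> bool:
    """True if codePath sits in a partition that ships with the firmware."""
    return any(path == p or path.startswith(p + "/") for p in SYSTEM_PARTITIONS)


def flag_sms_capable_system_apps(dump: str, default_sms_app: str) -> list:
    """Firmware-resident packages requesting SMS permissions, excluding the
    default SMS app. Each entry: (package, codePath, sorted SMS permissions)."""
    findings = []
    for name, info in parse_packages(dump).items():
        sms = info["permissions"] & SMS_PERMISSIONS
        if sms and name != default_sms_app and is_system_path(info["codePath"]):
            findings.append((name, info["codePath"], sorted(sms)))
    return sorted(findings)


if __name__ == "__main__":
    # On a live device: `adb shell dumpsys package > dump.txt` and
    # `adb shell settings get secure sms_default_application` for the default
    # SMS app (the value below is a hypothetical stand-in).
    for pkg, path, perms in flag_sms_capable_system_apps(SAMPLE_DUMPSYS, "com.android.messaging"):
        print(f"REVIEW {pkg} at {path}: {', '.join(perms)}")
```

A hit is a lead, not a verdict: vendor messaging apps and carrier provisioning agents legitimately request these permissions, so the flagged APK still needs its signer, its receivers, and its network behaviour examined. What the check does give is the short list worth pulling off the device for that examination.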
Explore Sectrio's Global threat landscape report for a comprehensive analysis of the latest cybersecurity risks