Cybercrime organization Lemon Group has infected millions of Android phones and other devices with malware before the devices even reach the user. Antivirus company Trend Micro recently gave a presentation on this at the Black Hat Asia 2023 conference in Singapore.
The malicious software, called Guerrilla, can intercept and read text messages, among other things. The malware can also access the user's WhatsApp and Facebook apps, send unwanted messages from them, and use the phone as a proxy. Infected devices are also used for ad fraud.
Trend Micro did not say how the criminals manage to infect Android phones at such an early stage. The Japanese multinational cybersecurity software company also did not clarify which phones, manufacturers or models were involved. However, the company did reveal that it has found more than 50 different Android images from different vendors carrying the malware.
Guerrilla resides in a custom library that is part of the Android image. From there, the malware can download and execute additional malware. According to Trend Micro, millions of devices have been infected with it: not only phones but also smart watches and TVs.