Harshika Chowdary
22-05-23
Android smartphones from various manufacturers have recently been found to be infected with preinstalled malware known as Guerrilla, affecting users in several countries, including India, Indonesia, Mexico, Thailand, Russia, and the US. Security researchers have identified the malware as a significant threat, compromising user privacy and causing a poor user experience due to excessive battery usage.
According to a report by security firm Trend Micro, an estimated 8.9 million Android phones worldwide have been infected with the Guerrilla malware. The affected handsets come from over 50 different manufacturers. The research, presented at the Black Hat Asia 2024 security conference, revealed that the malware operator behind Guerrilla shares similarities with the Triada malware discovered on phones back in 2016.
The preinstalled Guerrilla malware negatively impacts user experience by draining the device’s battery and consuming processing power. Trend Micro has not disclosed the specific manufacturers or models affected by the malware. The malware was first detected on smartphones in 2018 and was found to be distributed through apps downloaded from the Google Play Store.
Trend Micro’s investigation into the Guerrilla malware reveals that it can install additional malicious software through a command-and-control (C&C) server controlled by the attacker, known as the Lemon Group. These “modules” enable the collection of user data for sale to advertisers, injection of ads for revenue generation, and excessive resource utilization on the victim’s phone. Disturbingly, the malware is also capable of taking control of the popular messaging app WhatsApp to send texts for “overseas marketing.”
The report highlights that smartphones from Asia and North America are most affected, accounting for 55.26% and 16.93% of infected devices, respectively. Countries heavily impacted by the malware include Angola, Argentina, India, Indonesia, Mexico, Russia, South Africa, Thailand, the Philippines, and the US.
Although the investigation primarily focused on smartphones, Trend Micro warns that other IoT devices, such as Android TV, smart TV boxes, entertainment systems, and Android-based watches for children, have also fallen victim to the Lemon Group’s malware. The security firm estimates that the malicious software has been spreading to smartphones in various countries over the past five years, indicating significant profit for the Lemon Group.
In response to this alarming discovery, Android users are advised to take precautionary measures to protect their devices and personal data. These measures include regularly updating the Android operating system, carefully reviewing app permissions before installation, installing reputable antivirus software, and avoiding downloading apps from third-party stores. It is also advisable to perform a factory reset if a device is suspected to be infected, ensuring all essential data is backed up beforehand.
The revelation of preinstalled Guerrilla malware on Android devices serves as a reminder of the evolving landscape of digital threats. Manufacturers and software developers must enhance security measures to safeguard user privacy and maintain a seamless user experience. Increased awareness and vigilance among users are crucial to combating these types of malware effectively.
As the situation unfolds, security experts and Android device manufacturers are collaborating to address the issue promptly and provide enhanced protection for users in the future.
Protecting Your Android Device
While the discovery of preinstalled malware is disconcerting, there are steps you can take to mitigate the risks and protect your device:
- Regular Software Updates: Ensure your device is always running the latest version of Android, as updates often include security patches that address vulnerabilities.
- App Verification: Before installing any app, carefully review user reviews, ratings, and permissions requested by the app. Stick to trusted sources such as the Google Play Store and avoid third-party app stores.
- Antivirus Software: Install a reputable mobile antivirus app from a trusted vendor. Regularly scan your device to detect and remove any malware or suspicious applications.
- Permissions Management: Review the permissions requested by apps and grant them only when necessary. Be cautious about granting excessive permissions that may compromise your privacy.
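- Factory Reset: If you suspect your device is infected with malware, performing a factory reset can help remove the malicious software. Remember to back up your important data before resetting. Keep in mind that a factory reset restores the software the device shipped with, so malware that was preinstalled as part of that software may still be present afterward.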
- Avoid Rooting or Jailbreaking: Rooting or jailbreaking your device bypasses the built-in security measures, making it more susceptible to malware. Refrain from these practices unless absolutely necessary.
The revelation of preinstalled malware on Android devices is a stark reminder of the evolving landscape of digital threats. It highlights the need for robust security measures and vigilance from both users and smartphone manufacturers. Google, the company behind the Android operating system, has acknowledged the issue and is working closely with device manufacturers to address the situation promptly.
We encourage you to follow the aforementioned precautions to safeguard your Android device and protect your personal information. Stay informed, stay secure.