A cybercrime enterprise known as “Lemon Group” has pre-installed malware called “Guerilla” on nearly 9 million Android devices. The infected devices include smartphones, smartwatches, TVs, and TV boxes from 50 different manufacturers. Researchers from IT security firm Trend Micro have uncovered how Lemon Group monetizes these pre-infected devices for financial gain.
The Exploitation of Pre-Infected Devices
Trend Micro researchers have delved into how Lemon Group infects devices, including the use of malicious plug-ins and the business relationships it maintains with various companies. A central part of Lemon Group’s operation is the collection and analysis of large volumes of data: the characteristics of manufacturers’ shipments, the advertising content shown to different users at different times, and detailed hardware data that is used to decide which software to push to a given device.
Monitoring and Further Infections
One alarming aspect of Lemon Group’s operations is its ability to monitor its customers and target specific regions for further infections. By pushing additional apps to infected devices, the group can tailor its advertising and display ads only to users in certain regions. This targeted approach lets Lemon Group maximize its profits at the expense of legitimate users.
Uncovering the Extent of Infection
While researchers have identified approximately 9 million infected devices, they suspect the actual number is higher. Many devices may not yet have communicated with the command-and-control server, may remain unused or unactivated by the threat actors, or may not yet have been distributed to their intended targets. The true scale of the Guerilla malware infection could therefore be much larger than currently reported.
Presentation at Black Hat Asia 2023
Trend Micro’s research on the Guerilla malware and Lemon Group’s operations was recently presented at the Black Hat Asia 2023 security conference in Singapore. The researchers shared their findings regarding the malware’s infection methods, monetization strategies, and the alarming scope of this cybercrime operation.