New Malware alert! Nearly 90 lakh Android devices infected with Guerilla malware, tips to protect your device

A cybercrime organisation called the Lemon Group has reportedly infected 8.9 million Android devices worldwide with a Guerilla malware.

In yet another malware incident, a cybercrime organisation called the Lemon Group has reportedly infected 8.9 million Android devices worldwide with Guerilla malware.

The nearly 9 million affected devices include smartphones, watches, TVs, and TV boxes.

Japanese multinational cyber security software company Trend Micro reported that the malware has put the accounts and personal data of Android users at risk.

The Guerilla malware allegedly allows cybercriminals to perform various malicious activities such as stealing one-time passwords from SMS, hijacking WhatsApp sessions, loading additional payloads, setting up a reverse proxy from the infected device, and more.

According to the cyber security software company, the malware has infected millions of Android devices in over 180 countries.

India is among the top 10 countries affected by this malware, along with the US, Mexico, Indonesia, Thailand, Russia, South Africa, Angola, the Philippines, and Argentina.

Lemon Group

Lemon Group is a large and sophisticated cybercrime organisation that has been operating for several years. According to the report, the Lemon Group was first noticed by the cyber security firm in February 2022. It later allegedly changed its name to “Durian Cloud SMS”, but it still operates from the same servers.

Trend Micro said in a blog post that it has detected over 490,000 mobile numbers used for OTP requests of the Lemon SMS and, later, Durian SMS service. Customers of the Lemon SMS PVA service generate OTPs from platforms like JingDong, WhatsApp, Facebook, QQ, Line, and Tinder, among other applications.

The report reveals that the Lemon Group has installed Guerilla malware and other types of malware tools to attack victims. There is no clear information on how the devices got infected with the Guerilla malware, but the company revealed that it has often found the malware pre-installed on devices that have been re-flashed with a new ROM.

Notably, the Guerilla malware can load additional plugins that carry out specific tasks, such as:

SMS plugin: It can steal the one-time passwords sent via SMS for WhatsApp, JingDong, and Facebook.

Proxy plugin and proxy seller: Attackers can use this plugin to reach the victim’s network resources by setting up a reverse proxy from the infected phone.

Cookie plugin/WhatsApp plugin/Send plugin and promotion platform: These plugins send Facebook cookies to a central server. WhatsApp sessions on the compromised device can then be taken over and used to send unwanted messages.

Splash plugin: This displays unwanted pop-up ads while users are using official apps.

Silent plugin: This tool silently installs additional apps or removes existing ones based on instructions from a central server. The process happens in the background without the user noticing.

You can protect your Android device from malware by downloading apps only from trusted sources like the Google Play Store or App Store, checking all the details before granting app permissions, updating your software to the latest version, and scanning your device for malware at regular intervals and removing any infections you find.
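One concrete way to act on the "scan your device" advice, added here as an example and not taken from the article or from Trend Micro: a Python script that parses the output of `adb shell dumpsys package packages` and flags pre-installed packages (the kind a re-flashed ROM would carry) that request the SMS permissions the Guerilla SMS plugin relies on to read OTPs. The dumpsys layout, the sample excerpt and the ALLOWLIST of stock messaging apps are assumptions; adjust ALLOWLIST for your device.

```python
# Added triage check (not from the article): list pre-installed packages that
# request SMS access, the permission the Guerilla SMS plugin needs to read OTPs.
import re
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/")
ALLOWLIST = {"com.android.messaging", "com.google.android.apps.messaging"}  # stock SMS apps (assumed)
PKG_HEADER = re.compile(r"^\s*Package \[([^\]]+)\]")
CODE_PATH = re.compile(r"^\s*codePath=(\S+)")
PERM_LINE = re.compile(r"^\s*(android\.permission\.[A-Z_]+)")

def parse_dumpsys(text):  # package name -> {"codePath": str, "perms": set}
    pkgs, in_requested = {}, False
    cur = {"codePath": "", "perms": set()}  # lines before the first package are discarded
    for line in text.splitlines():
        if m := PKG_HEADER.match(line):
            cur = pkgs.setdefault(m.group(1), {"codePath": "", "perms": set()})
            in_requested = False
        elif m := CODE_PATH.match(line):
            cur["codePath"] = m.group(1)
        elif line.strip() == "requested permissions:":
            in_requested = True
        elif line.strip().endswith(":"):  # any other section header ends the list
            in_requested = False
        elif in_requested and (m := PERM_LINE.match(line)):
            cur["perms"].add(m.group(1))
    return pkgs

def suspicious_sms_packages(text):  # pre-installed, non-allowlisted, asks for SMS
    hits = []
    for name, info in parse_dumpsys(text).items():
        on_system = info["codePath"].startswith(SYSTEM_PREFIXES)
        if on_system and info["perms"] & SMS_PERMS and name not in ALLOWLIST:
            hits.append(name)
    return sorted(hits)

# Constructed sample in dumpsys layout; not captured from a real device.
SAMPLE = """\
  Package [com.android.messaging] (1a2b3c):
    codePath=/product/app/messaging
    requested permissions:
      android.permission.RECEIVE_SMS
  Package [com.example.rom.helper] (4d5e6f):
    codePath=/system/priv-app/RomHelper
    requested permissions:
      android.permission.RECEIVE_SMS
  Package [com.example.notes] (7a8b9c):
    codePath=/data/app/com.example.notes-1
    requested permissions:
      android.permission.READ_SMS
"""
```

Run it as `adb shell dumpsys package packages > dump.txt` followed by `suspicious_sms_packages(open("dump.txt").read())`; a hit is a lead to investigate, not proof of infection, since some OEM apps legitimately handle SMS.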
