It turned out that malware was pre-installed on millions of Android smartphones and Android TVs



Google, which develops Android, takes a strict stance against software abuse on its own Pixel series of smartphones and in Android itself, but apps containing malware are still distributed on Google Play, and third-party Android smartphones are also vulnerable. With so many such problems, the image of Android as a whole is getting worse. It has now emerged that malware comes pre-installed on millions of Android smartphones and Android TV devices.

Lemon Group's Cybercriminal Businesses Built on Preinfected Devices
https://www.trendmicro.com/en_us/research/23/e/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html



Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
https://arstechnica.com/information-technology/2023/05/potentially-millions-of-android-tvs-and-phones-come-with-malware-preinstalled/

Security firm Trend Micro was the first to report that millions of Android smartphones have malware pre-installed. It all started at Black Hat, a security conference held in Singapore. There, security company Sophos announced that 15 malicious apps, including malware named "Guerrilla", are being distributed on Google Play. Security researchers at Trend Micro tracked Guerrilla and found the malware pre-installed on up to 8.9 million smartphones from nearly 50 different brands.

Guerrilla is malware that installs a backdoor on infected devices and communicates periodically with command and control servers to see if new malicious updates can be installed. The malicious update appears to be used by a threat actor that Trend Micro calls the Lemon Group to collect user data to sell to advertisers. Guerrilla has been shown to covertly install an aggressive advertising platform that can drain battery life and degrade user experience.

Guerrilla hijacks users' WhatsApp sessions to send unwanted messages, establishes a reverse proxy from the infected device to use the affected device's network resources, and injects advertisements into legitimate apps. It is said to be a large platform with nearly 12 plug-ins available.



Trend Micro says it was unable to identify smartphone brands with pre-installed malware, but the largest number of smartphones infected with Guerrilla is in the United States, followed by Mexico, Indonesia, Thailand, and Russia. It is reported that there are

Regarding the Lemon Group, Trend Micro said, "Although we were able to confirm some businesses that the Lemon Group does for big data, marketing, and advertising companies, it seems that the main focus is on the use of big data."

Following this, TechCrunch reported that Android TV devices sold on Amazon also come pre-installed with malware.

Popular Android TV boxes sold on Amazon are laced with malware | TechCrunch

https://techcrunch.com/2023/05/18/popular-android-tv-boxes-sold-on-amazon-are-laced-with-malware/



According to TechCrunch, the Android TV devices sold with malware pre-installed are the 'model T95 with H616' sold by Chinese companies AllWinner and RockChip. They can be seen listed for sale multiple times. In addition, the Android TV devices sold by AllWinner and RockChip on Amazon have gathered thousands of positive reviews, and the average rating is said to be very high at 4 stars.

Security researcher Daniel Milisic, who accidentally bought one of the devices, discovered the malware pre-installed on these Android TV devices. Milisic is investigating Android TV devices with pre-installed malware on GitHub.

According to Milisic, pre-installed malware on Android TV devices can remotely install any application desired by the malware author on the infected device via a command and control server, similar to Guerrilla. Known as a clickbot, this malware generates ad revenue for malicious users by covertly clicking ads in the background.

Bill Budington, a security researcher at the Electronic Frontier Foundation, also purchased a problematic Android TV device on Amazon to independently confirm Milisic's findings. According to Milisic, models such as the AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10 were pre-installed with malware.



In addition, Ars Technica said, "Android devices with malware installed at the factory are not new. Ars Technica has reported this type of event five times in recent years. And these affected models were all low-priced smartphones," and pointed out that when purchasing an Android smartphone, it is necessary to choose products from known brands such as Samsung, ASUS, and OnePlus. "There have been no reports of pre-installed malware on high-end Android devices, and there have been no reports of this kind on iPhones," it said.

in Mobile, Software, Security, Posted by logu_ii