This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide
2023-05-18 16:30

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks.

The activity encompasses no fewer than 8.9 million compromised Android devices, particularly budget phones, with a majority of the infections discovered in the U.S., Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, the Philippines, and Argentina.

The infections are spread across more than 180 countries, with over 50 brands of mobile devices compromised by a malware strain called Guerilla.

The malware also attracted attention in early 2022 for its ability to intercept SMS messages that match predefined characteristics, such as one-time passwords associated with various online platforms. Shortly after that, the threat actor changed the name of the undertaking from Lemon to Durian Cloud SMS. The goal, per Trend Micro, is to bypass SMS-based verification and advertise bulk virtual phone numbers, which belong to unsuspecting users of the infected Android handsets, for sale to create online accounts.

The unauthorized firmware modifications are believed to have occurred via an unnamed third-party vendor that "produces the firmware components for mobile phones" and which also manufactures similar components for Android Auto.

The disclosure comes as Microsoft security researcher Dimitrios Valsamaras detailed a new attack method dubbed Dirty Stream that turns Android share targets into a vector for distributing malicious payloads and capturing sensitive data from other apps installed on a device.


News URL

https://thehackernews.com/2023/05/this-cybercrime-syndicate-pre-infected.html