They warn of the existence of some 8.9 million Android phones with pre-installed malware

MADRID, May 19. (Portaltic/EP) –

TrendMicro researchers have alerted to the existence of android mobile phones that reach the user pre-infectedthe result of a campaign that takes advantage of the global distribution of these devices to access data that they later sell to advertisers.

He Malware Triad was identified in 2016 as an Android Trojan that installed additional applications on devices, for purposes of ‘spam’ and to deceive statistics. Later, it mutated and became an android backdoor.

This new version of Triada allowed it to be introduced into the production chain of some mobile phone models, so that they reached the market already affected by a back door that allowed the device to be infected, as Google explained in 2019.

From this investigation, TrendMicro has discovered a ‘botnet’ powered by attacks that compromised the mobile supply chain, linked to a malicious actor they have identified as Lemon Group, and? use Guerrilla malware. This, at some point, has worked together with those responsible for Triada.

The threat carried out by Lemon Group, a firm linked to Big Data businesses, infects smartphones with Guerrilla, in such a way that it installs a backdoor in them that allows communication with a remote server from which it checks if they exist malicious updates to install.

It is precisely these updates that collect user activity data, which Lemon Group subsequently sells for advertising purposes, as explained from TrendMicro on their blog.

According to estimates, the affected mobile phones have been distributed in more than 180 countries and they belong to different brands that use Android as their operating system. They estimate the number to be 8.9 million3.85 percent in Europe, although most have been determined in Asia (55.26%).

Researchers have pointed out that this scheme has been extended to other Internet of Things devices (IoT), such as android teams TV. In this sense, an investigation shared by TechCrunch has revealed that some Android TV streaming devices have been sold on Amazon with preloaded malware capable of launching coordinated attacks.

Related articles