Beware, powerful malware is infecting millions of Android smartphones

According to Trend Micro, hackers from Lemon Group (also called Durian Cloud SMS), based in China, may have used third parties to gain access to the devices. So they were able to attack the supply chain, targeting software companies that work alongside manufacturers, or recruiting between manufacturers and distributors. With plugins meant for text messaging, creating a proxy, hijacking social networks, displaying intrusive ads as well as installing or uninstalling apps, Guerrilla seems to have a wide variety of uses.

According to the analytics, the malware is capable of supporting activities such as selling accounts or creating ad traps, and allowing third-party hackers to obtain one-time passwords to break into various services verified by phones. The majority of infected phones will be located in Southeast Asia, but the entire world appears to have been affected, given the data collected via telemetry.

Trend Micro says the number of affected devices could be higher, but because they haven’t been purchased yet, they haven’t contacted the request servers. In spite of everything, 490 thousand phone numbers have already sent requests for unique passwords for various applications such as Tinder, Facebook, QQ or WhatsApp. Note, however, that Trend Micro did not disclose how the infected phone numbers were obtained.