"Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise"
Millions of Android phone owners worldwide unknowingly contribute to the financial upkeep of the Lemon Group. The Lemon Group operators infected their devices before they purchased them. Now, they steal and sell SMS messages and one-time passwords (OTPs), serve unwanted advertisements, create online messaging and social media accounts, and more using their mobile devices. Lemon Group has claimed that its clients have access to nearly 9 million Android devices infected with the Guerrilla malware. However, Trend Micro believes that the actual number may be larger. In recent years, a number of cybercriminal groups have developed lucrative business models around pre-infected Android devices. Trend Micro researchers performed forensic analysis on the ROM image of an Android device infected with the Guerrilla malware. Their investigation revealed that the group has infected Android devices in 180 countries. Over 55 percent of the victims are located in Asia, 17 percent in North America, and about 10 percent in Africa. Trend Micro was able to identify over 50 brands of mobile devices, the majority of which were inexpensive. This article continues to discuss Lemon Group's Guerrilla malware model.