At the Black Hat Asia hacking conference, researchers from the security provider Trend Micro announced that millions of Android smartphones worldwide are infected with malicious firmware, even before the devices leave production. The hacker group Lemon Group is said to have injected malware called "Guerrilla" into 8.9 million devices.
The security researchers warn that cybercriminals rent out remote access to the Android smartphones via proxy plugins and charge per minute for it. Keystrokes, including passwords, geographic location, IP address and other confidential data can be accessed. This business model is advertised on Facebook, YouTube and blogs, and there are sales offers on the dark web. An infected device can also be used as an exit node, i.e. as a server through which Tor users reach the Internet.
Infected Android devices as a business model
This development represents a growing danger for private users and companies worldwide:
- The big smartphone providers Google, Samsung & Co. control their supply chain better; in many cases, however, production of the devices is outsourced to an OEM, so a link in the manufacturing chain, such as a firmware supplier, can infect the products with malicious code before delivery.
- Smart TVs and Android TV boxes can also be affected.
- The Supply Chain Due Diligence Act (Supply Chain Act for short), which came into force in Germany at the beginning of 2023 for companies with 3,000 or more employees, regulates fair conditions and economic sustainability in the supply chain. But that is only ONE building block that companies should pay attention to in their supply chain.
- It is in the interest of every company to take a close look at its supply chain, because the supply chain also affects IT security in several ways and can create uncontrolled entry points.
- Another example of a loss of supply chain control is the distribution of 3CX's compromised VoIP client. This incident also stemmed from a previous supply chain attack.
About Trend Micro
As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.