The first report came from security company Trend Micro. Researchers following up on a presentation delivered at the Black Hat security conference in Singapore reported that up to 8.9 million phones from up to 50 different brands were infected with malware.
First documented by researchers at security firm Sophos, Guerrilla, as they called the malware, was found in 15 malicious apps that Google allowed on its Play Store.
How does the “Guerrilla” malware work?
Guerrilla causes infected devices to communicate with a remote command and control server to check for new malicious updates to install. These malicious updates collect data about users that can be sold to advertisers. The malware also installs aggressive advertising platforms that can drain battery reserves and affect the user experience.
The country with the highest concentration of infected phones was the United States, followed by Mexico, Indonesia, Thailand and Russia.
Trend Micro did not identify the affected brands.
The next day, TechCrunch published a second report detailing that several Android TV boxes sold through Amazon were infected. The boxes, model T95, report to a command and control server that, like the Guerrilla servers, can install any application the malware writers want. The program pre-installed on the boxes is known as clickbot. It generates advertising revenue by displaying ads in the background.
How to avoid this problem?
If you want to buy an Android phone, it is advisable to choose well-known brands such as Samsung, OnePlus or Asus, which generally have more reliable quality and warranty controls over their inventory. To date, there are no reports of high-end Android devices coming with pre-installed malware. Similarly, there are no such reports for Apple devices.