Smartphones, particularly budget devices, could be preinstalled with shady firmware that may provide companies or other entities access to user data. This claim has been made by cybersecurity researcher Trend Micro, who warned that a threat actor tracked as Lemon Group has control over millions of smartphones distributed worldwide thanks to preinstalled Guerrilla malware. Guerrilla is an implant planted by the Lemon Group that loads a downloader that serves as the primary plugin, which can fetch and run other plugins. The secondary plugins can capture SMS messages, harvest application data, hijack applications such as WhatsApp to send messages, and deliver ads when launching official apps. Although security experts have been aware of similar threats for years, Trend Micro’s latest report highlights the scale of the Lemon Group’s operation.
Philosophical discussion
The growth of cybersecurity threats in recent years has forced us to question what information we share and who has access to it. Companies have unprecedented access to our personal information, gathered by applications on our smartphones, mostly by tracking our online activity. With the rise of these pre-installed malware, end-users seem to be at the receiving end of a double whammy. On one side, they have companies tracking their online activity, and on the other, an increasing number of third-party vendors are pre-installing malware to access sensitive information. Smartphones represent the primary way we interact with our digital world and contain sensitive information about us. Therefore, it is important to remember that cybersecurity is not a one-sided issue. While the operating system’s providers improve security measures, consumers must also take the necessary steps to protect their data.
Editorial
The latest report by Trend Micro highlights the danger of pre-installed malware. The Guerrilla malware identified on millions of smartphones worldwide underscores the importance of reliable cybersecurity measures. Smartphone manufacturers and third-party vendors must be held accountable for any malware preinstalled on the hardware they sell. The Lemon Group’s operation is another reminder of the importance of data privacy and the long-term damage that can be inflicted on vulnerable consumers. We urge technology companies to hold third-party vendors accountable for any malware made available through their devices. Additionally, we call on governments worldwide to enforce strict data protection laws, with severe punishments for companies that fail to adhere to them.
Advice
Consumers are urged to take the necessary steps to protect their valuable data, which includes monitoring the content, source, and permissions for each app downloaded on a smartphone. Users should also avoid budget smartphones from unknown vendors. These companies pose a significant threat as the lack of regulations and quality assurance measures in place put consumers’ data security at risk. Furthermore, users should keep their operating systems and the applications on their phones updated as manufacturers regularly push out security updates. Finally, consumers must exercise caution when installing third-party applications as the majority of malware finds its way onto smartphones through third-party apps.
<< photo by Sora Shimazaki >>
You might want to read !
- The Heightening Risks of Cyberwarfare Amid China-Taiwan Tensions
- “Uncovering the Weak Links: Cisco Small Business Switches Riddled with Remote Attack Vulnerabilities”
- Microsoft Teams’ Security Features Under Scrutiny As Cyberattacks Increase
- Cisco Users Beware: PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities
- Manufacturing Security: Strategies for Cutting the Attack Surface