Guerilla

Guerilla Description

Nowadays, with the ever-growing number of smartphones globally, there are malware types that target mobile devices. Among them is a threat that is often referred to as click fraud. Usually, click fraud involves a shady website administrator paying low-wage workers, or using bots, to click on the advertisements on their site in order to generate more revenue from the parties advertising on their platform. However, click fraud can also take other forms, such as boosting the stats of mobile applications. This is the case with the Guerilla threat - an Android Trojan whose goal is to hijack mobile devices and use them to artificially inflate the statistics of various applications hosted on the Google Play Store.

Propagation Method

The creators of the Guerilla Trojan had been distributing this threat via bogus applications that could be found on the Google Play Store. This leads us to believe that the authors of this threat have successfully bypassed the security checks that the developers at the Google Play Store had put in place. However, the applications in question did not carry the unsafe payload of the Guerilla Android Trojan. Instead, they would operate as downloaders. Once the user downloads and installs the bogus application, it swiftly connects to the attackers' C&C (Command & Control) server and fetches the unsafe payload of the Guerilla Trojan.

The Purpose of the Guerilla Malware

When the Guerilla malware is up and running, it uses a very significant amount of data, because this threat was programmed to look for particular applications hosted on the Google Play Store, download them, give them a positive review, and then delete them so that users do not notice the unauthorized activity taking place on their mobile devices.

Apart from the click fraud aspect of the attack, the Guerilla threat has the potential to cause significantly more damage to the compromised host. This is because the Guerilla malware can also serve as a Trojan, which would allow its operators to plant additional threats on the infected Android device.

If you are using an Android mobile device, make sure that you invest in a reputable anti-malware application compatible with your system. Do not forget to update the application regularly to ensure maximum safety for your device.