The discovery of a rogue platform built on top of a botnet came as a result of an investigation into SMS Phone-Verified Account (PVA) services. Most of the devices affected are low-cost Android phones made by original equipment manufacturers like Lava, ZTE, Mione, Meizu, and Huawei.
Guerrilla is a piece of malware that parses SMS messages sent to infected Android phones. Without the owners’ knowledge or approval, the botnet operator uses an army of hacked devices to receive, analyze, and report SMS verification codes. This gives the operator quick access to thousands of mobile phone numbers in various countries.
According to the company’s telemetry data, the majority of the infections are concentrated in the following countries:
The researchers concluded that the presence of SMS PVA services tarnishes the integrity of SMS authentication as the primary method of account validation.