Triada malware preinstalled on numerous Android devices

May 9, 2025

A new strain of the Triada malware has been found preinstalled on hundreds of counterfeit Android devices. According to the reports, the strain lets threat actors steal data as soon as it activates on an infected device.

Researchers also noted that the campaign mainly affects users in Russia, with at least 2,600 confirmed infections last month. They found Triada on counterfeit versions of popular smartphone models, sold online at low prices to attract unsuspecting buyers.

Triada is a modular Android trojan first discovered in 2016. It was regarded as a pioneer at the time because it operated almost entirely in the device's RAM, which let it evade detection by security software.

Since then, there have been numerous reports of Triada hiding in the firmware of low-cost Android phones sold through unauthorised retail channels, a stealthy and persistent foothold that is difficult to remove because it ships as part of the system image rather than as an installed app.

The latest version remains highly evasive: it is embedded in the Android system framework and copies itself into every process on the phone. Once active, it can steal accounts from messaging and social media apps, send and delete messages in WhatsApp and Telegram to impersonate the victim, and hijack cryptocurrency transfers by replacing wallet addresses in applications.

Investigations also show that the malware can monitor browser activity and replace links, substitute phone numbers during calls to redirect conversations, intercept, send and delete SMS messages, send premium-rate SMS that charge the victim for paid services, download and launch additional software remotely, and block network connections to avoid detection or undermine defences.

So far the new Triada strain is known to have stolen at least $270,000 worth of cryptocurrency, including bitcoin, but the true total is unknown because part of the loot was in Monero, whose transactions cannot be traced. Researchers are not certain how the devices became infected, but they suspect a supply chain attack.

The new version was most likely integrated into the smartphone firmware before the devices reached customers. The supply chain was compromised at some point, and the merchants may not be aware that they are selling Triada-infected phones.

Android users should therefore buy smartphones only from authorised distributors and treat devices from unknown or suspicious sources as a compromise risk: malware embedded in the firmware is not removed by uninstalling an app or performing a factory reset.
