Heads up, Android users! Before buying a new phone, make sure to verify the device’s authenticity and avoid buying counterfeit phones, as numerous Android phones come pre-loaded with a Triada malware variant.
New Android Phones Pre-Infected With Triada Variant
According to a recent press release from the Russian cybersecurity giant Kaspersky, several counterfeit Android phones now come pre-loaded with the data-stealing malware Triada.
As explained, the Kaspersky Lab researchers observed a re-emergence of Triada in a new campaign involving new devices. The malware targets Android users via fake devices mimicking known smartphone brands. The subtle differences in the devices’ names and models may confuse an average buyer, tricking them into purchasing an infected device for a low price.
The researchers observed the recent wave of this campaign predominantly affecting users in Russia, whereas the overall number of victims who have fallen prey to the recent Triada variant exceeds 2600 globally.
This infectious campaign is even more dangerous than the previous iterations, given that the malware is embedded in the devices’ firmware. Although it has always reached its victims via pre-loaded, brand new Android devices, this time, the malware has penetrated even deeper into the firmware, gaining more permissions. As stated by the researchers,
It is located in the system framework. This means that a copy of Triada gets into every process on the smartphone. The malware has broad functionality and gives attackers almost unlimited control over the gadget.
Consequently, the malware performs explicit device monitoring for the threat actors without the victims knowing. Some of its malicious functionalities include stealing account credentials for social apps, IM apps, and banking applications, stealing crypto wallets, accessing WhatsApp and other IM apps to send or delete messages, replacing numbers during calls, reading, sending, and deleting SMS messages, monitoring users’ browser activities and replacing legit URLs with malicious links, subscribing the victims to premium services, blocking the device’s network as needed, and downloading other apps on the device.
How To Delete Triada Malware
Triada is a potent data-stealing trojan that usually targets users via pre-infected devices. The recent campaign isn’t the first such attempt from the malware to target Android users. Earlier, Triada made it to the news in 2018 for infecting 40 Android devices during manufacturing, reaching the users right after device unboxing. Then, in 2023, researchers discovered another Triada campaign, this time infecting Android TVs.
Getting rid of such deeply embedded malware is indeed difficult and requires aggressive steps, such as device rooting. However, users may certainly avoid such threats by ensuring they buy their gadgets only from authorized sellers. Even for the recent Triada campaign, the researchers advise the users to purchase their devices from official sellers and to equip their devices with robust anti-malware solutions right after unboxing to prevent potential malware infections.