Kaspersky Lab experts have identified a new and more dangerous version of the Triada Trojan, a sophisticated malware targeting Android devices.
This latest variant has been found pre-installed on counterfeit smartphones sold through unauthorized online stores, posing significant risks to unsuspecting buyers.
Over 2,600 users, primarily in Russia, have already encountered this malicious software.
Pre-Installed Threat in Device Firmware
The updated Triada Trojan is embedded within the firmware of compromised Android devices, specifically in the system framework.
This deep integration allows the malware to infiltrate every process running on the device, granting attackers nearly unlimited control.
The Trojan’s capabilities include stealing user accounts from messaging and social media apps such as Telegram and TikTok, intercepting and manipulating messages on WhatsApp and Telegram, and replacing cryptocurrency wallet addresses during transactions to divert funds.
Additionally, the malware can monitor browser activity to replace links, manipulate phone numbers during calls to redirect victims to fraudulent contacts, and intercept or delete SMS messages.
It also enables attackers to send premium-rate SMS messages for financial gain and block network connections to disrupt anti-fraud systems.
The attackers behind this version of Triada have reportedly transferred approximately $270,000 in cryptocurrencies to their wallets, with some transactions involving untraceable currencies like Monero.
Supply Chain Compromise Suspected
According to Dmitry Kalinin, a cybersecurity expert at Kaspersky Lab, this version of Triada is likely introduced into devices at some stage of the supply chain, potentially without the knowledge of retailers.
“The Triada Trojan has been known for a long time and remains one of the most complex threats to Android devices.
Its new version penetrates smartphone firmware even before reaching users,” Kalinin stated. This highlights the growing risks associated with pre-installed malware on counterfeit devices.
Kaspersky Lab’s analysis suggests that the authors of this malware are actively monetizing their efforts through cryptocurrency theft and other malicious activities.
The scale of the operation underscores the importance of vigilance when purchasing smartphones from unofficial sources.
To protect against such threats, cybersecurity experts recommend purchasing smartphones exclusively from authorized distributors and installing robust security solutions immediately after purchase.
Kaspersky’s mobile security solutions can detect and neutralize this variant of Triada, identified as Backdoor.AndroidOS.Triada.z.
The discovery of this advanced malware variant highlights ongoing challenges in securing Android devices against supply chain attacks.
As cybercriminals continue to evolve their tactics, users must prioritize security measures to safeguard their personal data and financial assets.