A strain of malware has been lurking on counterfeit Android phones as preinstalled software.
Antivirus provider Kaspersky discovered the malware embedded in the phones’ firmware, which functions as a set of instructions to control the hardware components and boot up software.
“The malware operates undetected and grants attackers full control over infected devices,” Kaspersky warned, after discovering the threat infecting over 2,600 users.
The malware, known as Triada, first emerged in 2016 and has been preloaded on cheap Android phones before. In this case, Triada was found circulating on counterfeit versions of popular smartphones sold in Russia, Brazil, Kazakhstan, Germany, and Indonesia.
“This Triada variant is integrated into the system framework, infiltrating every running process,” Kaspersky says. The capabilities include hijacking control of messaging apps, monitoring browsing activity and injecting links, and intercepting and deleting SMS messages. In addition, the malware can download other malicious payloads and secretly change the addresses for cryptocurrency transactions.
Kaspersky suspects hackers are exploiting a hole in the supply chain for counterfeit Android phones to install the malware. We also wonder if the vendors behind the counterfeit phones may have installed Triada to help them generate revenue.
The finding is a reminder to be careful around cheap Android devices from unknown vendors. In the past, malware has also been found on Android TV boxes running older or outdated versions of the OS.
Kaspersky says its antivirus can detect Triada. However, the company no longer offers its antivirus products in the US due to a ban over Kaspersky’s ties to the Russian government.
About Michael Kan
Senior Reporter
