- Kaspersky discovers counterfeit Android smartphones preloaded with Triada malware
- Researchers speculate that the supply chain could have been compromised
- More than $270,000 in crypto has already been stolen
Counterfeit versions of popular Android smartphones are being sold with preinstalled malware, experts have revealed.
Kaspersky cybersecurity researchers have warned users against buying heavily discounted Android smartphones from shady online stores after observing at least 2,600 victims, mainly located in Russia, who received their brand new smartphones carrying the Triada Trojan.
“The new version of the malware is in the firmware of infected Android devices,” reads the traditional announcement. “It is located within the framework of the system, which means that a copy of Triada is making its way into each process on your smartphone.”
Targeting journalists
The malware reportedly has a wide range of features and could give the attacker “almost unlimited possibilities” to control compromised devices.
Among other things, Triada can steal user accounts in messengers and social networks, stealthily send messages on the victim’s behalf, steal cryptocurrencies, monitor the victim’s browser activity, replace links, swap numbers during calls, monitor and intercept SMS messages, download and run applications, and block network connections.
Dmitry Kalinin, cybersecurity expert at Kaspersky Lab, said that Triada remains “one of the most sophisticated and dangerous threats to Android”, but added that researchers do not really know how the devices were infected.
“It is possible that one of the stages of the supply chain is compromised,” he said, “so that stores selling the devices may not even suspect that they sell devices infected by Triada.”
These thousands of victims have already suffered hundreds of thousands of dollars in losses, the researchers concluded.
Kaspersky claims that about $270,000 in cryptocurrency has already been siphoned, and suggests that the number could be even higher because some transactions were carried out in Monero, which is difficult to trace.
The best way to avoid this risk is to buy smartphones only from authorized sellers. Alternatively, users could reflash their device using a clean Google system image.
Via BleepingComputer