Home Malware Programs Trojans Triada Android Trojan

Triada Android Trojan

Posted: July 7, 2020

Triada Android Trojan is a threatening implant that may be delivered to devices via fake application packages. Still, it may also be planted on devices that just left the manufacturer's factory – the latter option turns Triada Android Trojan into a very threat since many users might be unaware that their brand new phone is infected by malware. The threat was first spotted in 2016, and researchers soon discovered a long list of Chinese phone brands that had the Triada Android Trojan planted on them by default – Leagoo, Prestigio, Mito, iLife, and Vertex were just some of the affected brands. It is not clear whether the manufacturers intentionally had the malware installed alongside the Android operating system, or if an outside attacker was responsible for the issue.

Often, the Triada Android Trojan default package was not capable of executing any threatening tasks since it was missing the modules to do so. Instead, its sole purpose was to gather some hardware and software information about the compromised device and then transfer it to the attacker's server. Once this task is accomplished, the attackers would create a unique ID for the victim, and then compile a list of corrupted modules that will be installed on the infected device. This way, the Triada Android Trojan can easily expand its functionality by introducing the exact tools that the attackers want to use.

Out-of-the-Box Malware Plagues Chinese-Made Android Smartphones

Another special feature of the Triada Android Trojan is that it is able to modify the Zygote Android process maliciously. In short, this process is responsible for handling how new Android applications are launched – by modifying its behavior, the Triada Android Trojan can ensure that its modules will be executed whenever the victim runs any of their Android applications. This is a unique method of gaining persistence.

The Triada Android Trojan was often used for small-scale money fraud – the attackers completed in-application purchases via the infected devices, and they also controlled the user's text messages to bypass two-factor authentication measures. However, thanks to its modular structure, the Triada Trojan can easily do much more.

Out-of-the-box malware like the Triada Trojan is exceptionally threatening because users are unlikely to suspect a thing. This is why it is recommended to invest in a mobile antivirus product as soon as you obtain a new smartphone.