Summary: A new version of the Triada trojan has been discovered preinstalled on numerous Android devices, particularly affecting Russian users. This sophisticated malware can steal sensitive data immediately after the device is set up, and has been linked to supply chain attacks originating from counterfeit smartphone sales. Kaspersky advises users to purchase devices from authorized distributors and consider reflashing to a clean system image to mitigate risks.
Affected: Android devices, primarily those sold through unauthorized retailers
Key points:
- Triada trojan, first identified in 2016, is found hidden in the firmware of counterfeit Android phones.
- The new variant can steal credentials, intercept messages, and manipulate transactions, resulting in at least 0,000 in stolen cryptocurrency.
- The infection is suspected to result from supply chain attacks that embed the malware before the device is delivered.