Triada Banking Trojan Found on 42 Models of Low-Cost Android Smartphones

fake Adobe Flash update

Security researchers discovered 42 models of low-cost Android smartphones infected with dangerous Triada banking trojan.

Researchers from Dr.Web, a Russia based Antivirus firm discovered it and said that all the 42 models sold were already infected the Android.Triada.231 banking trojan.

“In the middle of 2017, Doctor Web analysts discovered a new Trojan Android.Triada.231 in the firmware of some cheap models of Android devices. Since this detection, the list of infected devices has been constantly increasing. At the moment, the list contains over 40 models. Doctor Web specialists have monitored the Trojan’s activity and now we can publish the results of this investigation.”

The Triada trojan was first spotted in 2016 which aims at stealing financial and personal data from the devices.

Read more on: Single Character from Indian Language Crashes Multiple Apps in Apple

The trojan can root devices and infect the process of a core android system component zygote which is used to launch all applications. The only way to remove the malware is by wiping out the entire device and reinstalling the OS.

Once the trojan is injected into this module, they can penetrate other running applications. By this way, they can carry out malicious activities without user intervention.

This is not the first time pre-installed malware are discovered on Android devices earlier in July 2017 Dr.Web researchers discovered the same Triada trojan in four Android models which are Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

According to Dr.Web a software developer from Shanghai, China is responsible for the infection.

“The analysis of this application showed it is signed with the same certificate as Android.MulDrop.924. Doctor Web previously wrote about this Trojan in 2016. We can presume the developer that requested adding the additional program into the mobile operating system image can be connected expressly or implicitly with the distribution of Android.Triada.231” Said in the blog post published by Dr.Web.

Below are the list of Android smartphone which are infected with the banking trojan provided by Dr.Web:

Leagoo M5,Leagoo M5 Plus, Leagoo M5 Edge, Leagoo M8, Leagoo M8 Pro, Leagoo Z5C, Leagoo T1 Plus, Leagoo Z3C, Leagoo Z1C, Leagoo M9, ARK Benefit M8, Zopo Speed 7 Plus, UHANS A101, Doogee X5 Max, Doogee X5 Max Pro, Doogee Shoot 1, Doogee Shoot 2, Tecno W2, Homtom HT16, Umi London, Kiano Elegance 5.1, ILife Fivo Lite, Mito A39, Vertex Impress InTouch 4G, Vertex Impress Genius, myPhone Hammer Energy, Advan S5E NXT, Advan S4Z, Advan i5E, STF AERIAL PLUS, STF JOY PRO, Tesla SP6.2, Cubot Rainbow, EXTREME 7, Haier T51, Cherry Mobile Flare S5, Cherry Mobile Flare J2S, Cherry Mobile Flare P1, NOA H6, Pelitt T1 PLUS, Prestigio Grace M5 LTE, BQ 5510

You may be interested in reading: The Narrative is the Enemy: Cyber Crisis and Changing Paradigms


Please rate this content