132/68 Friday, April 4, 2025

Cybersecurity researchers at Kaspersky have issued a warning about a new version of the Triada trojan that has been found embedded in the firmware of counterfeit Android smartphones designed to imitate popular models. The malware activates as soon as the device is set up for the first time. According to recent data, over 2,600 infections were detected in Russia between March 13 and March 27, 2025. It is believed that attackers tampered with the supply chain, meaning retailers may unknowingly be selling infected devices.
Triada is embedded deep within the system framework, which lets it load into every system process and gives attackers near-complete control over the device. The malware can steal accounts, send messages, intercept cryptocurrency transactions, track web activity, and monitor SMS communications. Kaspersky reports that the attackers have already withdrawn over $270,000 in cryptocurrency, with the actual amount likely higher, especially in the case of Monero, a privacy-focused coin that is notoriously hard to trace.
Source: https://securityaffairs.com/176143/malware/new-triada-comes-preinstalled-on-android-devices.html