Beware of fake Android phones preloaded with Triada trojan

Cybercriminals are now preloading fake smartphones with malware that can steal your cryptoassets and data, hijack your messaging apps, and cause other types of damage.

Security specialists at Kaspersky estimate that at least 2,600 people have already been using smartphones preloaded with a new version of the Triada trojan, Backdoor.AndroidOS.Triada.z, mostly in Russia.

Fake Android phones of various, yet unspecified, models are being sold by unauthorized dealers at discounted prices.

According to Kaspersky, dealers might not even know that they are selling infected gadgets, as a part of the smartphone supply chain might be compromised, with one of the most dangerous trojans for Android phones preinstalled.

"Moreover, creators of the new version of Triada are actively monetizing their efforts. Transaction analysis shows that they've managed to transfer around $270,000 worth of cryptoassets to their own wallets," Dmitry Kalinin, a cybersecurity expert at Kaspersky, was quoted as saying.

According to him, the total losses might be larger, as the criminals are targeting the most popular privacy-focused cryptocurrency, monero (XMR), which is relatively impossible to track.

Cryptoassets are being stolen through the so-called address poisoning, where the address of a cryptoasset receiver is replaced with an address injected by criminals.

Besides stealing cryptoassets, this version of Triada can also hijack social media accounts and messaging apps, sending messages pretending to be from the owner of accounts on apps such as Telegram, TikTok, and WhatsApp.

According to security researchers, the trojan can also track a smartphone user's internet browsing activity, replace links, and even change phone numbers during a call, allowing criminals to redirect their victims where they need them to go.

Moreover, Triada can also control SMS by sending its own messages, deleting existing ones, and reading what is being sent. Additionally, it can be used to order paid services.

What's more, the updated version of this trojan can also download and launch new programs while interfering with the operations of anti-fraud systems.

By Linas Kmieliauskas.