The Indonesian Express
Cybersecurity solutions and services provider Kaspersky has discovered a new version of the sophisticated Triada Trojan on counterfeit Android smartphones allegedly sold through unauthorized resellers. According to a company press release on Monday (7/4), Kaspersky solutions detect the new variant as Backdoor.AndroidOS.Triada.z. Because it is embedded in the system firmware, the malware runs undetected and gives attackers full control over the infected device.

More than 2,600 users worldwide have been affected. The attacks mainly targeted users in Russia, Brazil, Kazakhstan, Germany, and Indonesia.

Unlike ordinary mobile malware, which is delivered through malicious apps, this Triada variant integrates into the system framework and infiltrates every running process, enabling a wide range of malicious activity. This includes stealing accounts for messaging and social media apps such as Telegram, TikTok, Facebook, and Instagram; intercepting, sending, and deleting SMS messages; and sending and deleting messages in apps such as WhatsApp and Telegram. Attackers can also replace cryptocurrency wallet addresses, redirect phone calls by spoofing caller IDs, monitor browser activity, and inject links. The malware can further trigger premium SMS charges, download and execute additional payloads, and block network connections to bypass anti-fraud systems.

Dmitry Kalinin, malware analyst at Kaspersky Threat Research, said the Triada Trojan has evolved into one of the most sophisticated threats in the Android ecosystem. The new version infiltrates devices at the firmware level before they even reach the user, which points to a supply chain compromise.

"According to open source analysis, the attackers have funneled at least $270,000 (around Rp4.5 billion) in stolen crypto assets to their wallets, although the actual number may be higher due to the use of untraceable coins such as Monero," Kalinin said.
The Triada Trojan was first discovered in 2016. It has continued to evolve, leveraging system-level privileges to commit fraud, hijack SMS authentication, and evade detection.