Wednesday, June 3, 06:58

The Triada Trojan affects smartphones before they are even for sale


Back in 2016, a piece of malware called Triada was first discovered by Kaspersky Lab. According to security experts who studied it, it is a rooting Trojan: it roots a device, gaining access to sensitive parts of its operating system.

Once the Trojan is installed, it installs applications that are downloaded from a command and control server. These applications in turn display ads on affected devices, and when the user clicks on one of them, the hackers earn money.

However, Triada does not only install applications. It also introduces code into four different browsers, so it can replace ads that appear on websites with others that bring money to the malicious agent. Some of the browsers that may be affected by Triada are AOSP, 360 Secure, Cheetah and Oupeng.

To ensure that a device has enough space to install spam applications, Triada takes advantage of a feature called weight watching, which scores an application or a file depending on the installation date and the certificate. Applications that are not preinstalled on a device are usually the first to be removed by the malware to create space for the applications it wants to install.

To deal with it, Google has introduced improvements to Google Play Protect, which allow the software to automatically detect the Trojan. In addition, the improvements made to the Android operating system have reduced the impact of malware on devices that use older versions of the Google operating system.

However, malicious agents were not prepared to give up so easily. They found a way to continue distributing Triada on devices before they are available for sale.

To do this, they take advantage of the process by which third-party vendors introduce additional features into the device system, making sure that the Triada vendor records are also in place.

To respond to the latest software releases, Triada inserts code into the Google Play app. This way the malware can install spam applications without appearing to come from the Play Store and without having to change device settings and enable the "Install from unknown sources" option.

To resolve this problem, Google needed to develop updates that remove files related to the Triada malware, and to avoid future cases of malware distribution, the company also offers the Test Build suite to mobile phone makers.

