"Election" hacking has never been simpler than it is today!
infosec

"Election" hacking has never been simpler than it is today!

Being a professional hacker has never been easier and more profitable than it is today. According to...
Read More
infosec

A new Android Trojan misleads users through notifications

A new Android Trojan discovered by security researchers on the Google Play Store uses false notifications to redirect their ...
Read More
infosec

Europol: Training of police officers with ....... a game!

In recent years, cryptocurrencies are a frequent target of hackers' attacks. For this reason, Europol has decided to train ...
Read More
infosec

Dark Web: Selling drugs in exchange for Bitcoins. Now prison!

We know that Dark Web is mainly used by hackers and people who are interested in doing illegal online activities. These people are using ...
Read More
infosec

Twitter: Deleting thousands of fake Iranian and Russian accounts

One of the most common means of spreading misinformation and political propaganda is social media. Twitter found, ...
Read More
Latest Posts

The Triada Trojan affects smartphones before they are even for sale

triad

Back to 2016, a malware that is is called Triada, was first discovered by Kaspersky Lab. According to security experts who studied it, it is a rooting Trojan, which operates a machine, gaining access to sensitive parts of its operating system.

Once the Trojan is installed, it installs applications that are downloaded from a command and control server. These applications in turn display ads on affected devices and when the user clicks on one of them, hackers earning money.

However, Triada does not only install applications. It also introduces code into four different browsers, so it can replace ads that appear on websites with others that bring money to the malicious agent. Some of the browsers that may be affected by Triada are AOSP, 360 Secure, Cheetah and Oupeng.

To ensure that a device has enough space to install spam applications, Triada takes advantage of a feature called weight watching, which scores an application or a file depending on the installation date and the certificate. Any applications that are not preinstalled on a device are usually the first to be removed from the malware to create space for applications that want to install it.

To deal with it, Google has introduced improvements to Google Play Protect, which allow the software to automatically detect the Trojan. In addition, the improvements made to the Android operating system have reduced the impact of malware on devices that use older versions of the Google operating system.

However, malicious agents were not prepared to give up so easily. So they found the way to continue to distribute the Triada on devices before they are available for sale.

To do this, they take advantage of the process by which third-party vendors are introducing additional features into the device system, making sure that the Triada vendor records are also in place.

To respond to the newer versions of the software, Triada introduces code to the Google Play app. In this way, malware can install spam applications without seemingly not coming from the Play Store and without having to change the device settings and enable "Install from unknown sources".

To resolve this problem, Google needed to develop updates that remove files related to the Triada malware, and to avoid future cases of malware distribution, the company also offers the Test Build suite to mobile phone makers.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *