NPP Australia: Notifying Customers of a New PayID Leak
infosec

NPP Australia: Notifying Customers of a New PayID Leak

PayID's search function on Australia's new payment platform (NPP) has encountered problems once again. This...
Read More
infosec

Man-in-the-middle attacks: What are the most common types?

In a previous article we analyzed exactly what man-in-the-middle attacks are, how they work, how they are carried out and how we can protect ourselves against ...
Read More
infosec tweaks

Man-in-the-middle attacks: What is and how to protect yourself?

A man-in-the-middle attack presupposes three parts. The victim, the entity with which the victim is trying to communicate ...
Read More
infosec

Your keyboard can betray your passwords to hackers

Hackers are able to edit your online passwords only from the sound of your keystrokes, revealed a ...
Read More
infosec

Bluetooth vulnerability affects Apple, Qualcomm and Intel devices!

Bluetooth is used worldwide as one of the most convenient methods of connecting and controlling connected devices. However, according to ...
Read More
Latest Posts

The Triada Trojan affects smartphones before they are even for sale

triad

Back to 2016, a malware that is is called Triada, was first discovered by Kaspersky Lab. According to security experts who studied it, it is a rooting Trojan, which operates a machine, gaining access to sensitive parts of its operating system.

Once the Trojan is installed, it installs applications that are downloaded from a command and control server. These applications in turn display ads on affected devices and when the user clicks on one of them, hackers earning money.

However, Triada does not only install applications. It also introduces code into four different browsers, so it can replace ads that appear on websites with others that bring money to the malicious agent. Some of the browsers that may be affected by Triada are AOSP, 360 Secure, Cheetah and Oupeng.

To ensure that a device has enough space to install spam applications, Triada takes advantage of a feature called weight watching, which scores an application or a file depending on the installation date and the certificate. Any applications that are not preinstalled on a device are usually the first to be removed from the malware to create space for applications that want to install it.

To deal with it, Google has introduced improvements to Google Play Protect, which allow the software to automatically detect the Trojan. In addition, the improvements made to the Android operating system have reduced the impact of malware on devices that use older versions of the Google operating system.

However, malicious agents were not prepared to give up so easily. So they found the way to continue to distribute the Triada on devices before they are available for sale.

To do this, they take advantage of the process by which third-party vendors are introducing additional features into the device system, making sure that the Triada vendor records are also in place.

To respond to the newer versions of the software, Triada introduces code to the Google Play app. In this way, malware can install spam applications without seemingly not coming from the Play Store and without having to change the device settings and enable "Install from unknown sources".

To resolve this problem, Google needed to develop updates that remove files related to the Triada malware, and to avoid future cases of malware distribution, the company also offers the Test Build suite to mobile phone makers.

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *