Low Cost Android Device Preloaded with Triada Trojan

Low Cost Android Device Preloaded with Triada Trojan

Foreign media Security Week reports that some low-end Chinese Android phones were preloaded with Triada Trojans. Although Google has spent a lot of effort to improve the security of Android, but the effect is beyond satisfied.

Just about few days back, Google disclosed a malware that it believes may be the product of the bustling Israeli surveillance scene, malware “Lippizan”; “Lipizzan was a sophisticated two stage spyware tool.

According to the Russian anti-virus products and solutions provider pointed out that Triada is a complex malware. It can be directly implanted in the Zygote program, and user face the risk financial exposure.

Zygote is  active when the phone is running, which makes it possible to access almost any application process content. Even more frightening is that in the latest variants, the Trojan has been Sandbox support, it was updated to be difficult to track.

Dr.Web revealed that the following devices may be infected

  • Leagoo M5 Plus
  • Leagoo M8
  • Nomu S10
  • Nomu S20

In addition, the Trojan recently was embedded libandroid_runtime.so System. Dr.Web suspects that the ROM maker or other person who can use the Android code has ulterior motives to pre-install the Trojan software to the device before shipment.

As we know the OEM smartphone producer mainly focusing on low-cost market, it is expected that they are unlikely to introduce any security updates for these devices.