Some may remember it, and may even have experienced it, since this happened in 2016, when Kaspersky Lab experts discovered a new piece of mobile malware that they named Triada: a Trojan designed to install additional apps on the devices it infected, thereby causing spam attacks on the handset. Google’s Play Protect security mechanisms were responsible for eliminating the threat.

This threat was stealthy, modular, persistent, and created by very professional cybercriminals. Devices running Android 4.4.4 and earlier are the ones at highest risk of infection, but after some time, in 2019, it reappeared with a more troublesome mutation: its creators changed its base code so that it could execute code inside any application on the system, regardless of the permissions that application would normally need. This backdoor affected Android OS versions prior to Android 6 Marshmallow.

This is where things get complicated: normally, many mobile manufacturers do not have everything they need to build an entire smartphone, whether hardware and/or software. That is why they depend on third parties, external vendors who help them and create what they need so that their mobile is complete. The problem with Triada was that its creators decided to focus on these third-party companies, attacking them in order to introduce their Trojan so that it would end up on the mobile phone on the production line, infecting the handset directly at the factory.

It is understood that the Triada Trojan was introduced into the production chain of some Android mobile models, so that these reached the market already carrying a backdoor that allowed the Trojan to infect the device. Who was to blame? According to Google, a vendor from China, identified as Yehuo or Blazefire, was responsible for introducing the vulnerability into the production chain, thus infecting the entire process.

The features of this malware were very advanced. After entering the user’s device, Triada embeds itself in almost all running processes and lives only in short-term (volatile) memory, which makes it almost impossible to detect and remove. Given the complexity of the Trojan’s functionality, it was evident that the cybercriminals behind this malware were very professional, with deep knowledge of the mobile platform.

To fix this, Google experts worked with device manufacturers and provided instructions to remove the threat from devices and reduce the spread of the various Triada variants through automatic over-the-air (OTA) updates. All of the infected devices reportedly belonged to Chinese brands, such as the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
