Hidden Malware in Fake Android Phones Hijacks Messages, Alters Crypto Transactions
Counterfeit Android phones are giving users a surprise that they might
not have anticipated: malware that comes preinstalled on the device.
Antivirus supplier Kaspersky was the first to discover how this malware
came hidden in the device's firmware. Firmware is the set of
instructions that controls all the hardware components and then boots
the higher-level software.
The malware remains undetected and grants attackers complete control
over the compromised devices. The news comes after the discovery that
the threat has impacted more than 2,600 people. Dubbed Triada, it first
rolled out in 2016 and has been preloaded on cheaper Android devices in
the past. In that case, Triada was seen circulating across different
counterfeit variants of popular phones sold across Brazil, Russia,
Indonesia, and Germany.
This version of Triada is built into the system's framework, and it
integrates into every running process. Its capabilities include taking
over accounts on all the messaging platforms, going through browser
activity, and adding links. It can also intercept and delete SMS texts.
Furthermore, the malware can install other dangerous payloads and
silently alter crypto addresses in transactions.
Experts fear hackers are doing everything they can to exploit holes
across the supply chain of counterfeit Android devices so they can
download more malware. The question now is whether the vendors behind
these products could have installed Triada to help produce more revenue.
These findings are reminders of how careful we need to be about the
low-cost Android phones on the market that are supplied by mysterious
vendors. Previously, malware was found on Android TV boxes that ran
older versions of the OS.
Kaspersky's antivirus can now detect Triada. However, the company is not
supplying products such as antivirus software in America because of the
ban arising from its links to Russia.
