
Kaspersky uncovers advanced Triada trojan preinstalled on counterfeit smartphones
Kaspersky has uncovered a new, sophisticated version of the Triada Trojan preinstalled on counterfeit Android smartphones allegedly sold through unauthorized retailers. Embedded in the system firmware, the malware operates undetected and grants attackers full control over infected devices. More than 2,600 users worldwide have been affected.
Unlike typical mobile malware delivered via malicious apps, this Triada variant is integrated into the system framework, infiltrating every running process. It enables a wide range of malicious activity, including:
● Stealing messaging and social media accounts, including Telegram, TikTok, Facebook, and Instagram.
● Sending and deleting messages in apps like WhatsApp and Telegram.
● Substituting cryptocurrency wallet addresses.
● Redirecting phone calls by spoofing caller IDs.
● Monitoring browser activity and injecting links.
● Intercepting, sending, and deleting SMS messages.
● Enabling premium SMS charges.
● Downloading and executing additional payloads.
● Blocking network connections to potentially bypass anti-fraud systems.
'The Triada Trojan has evolved into one of the most advanced threats in the Android ecosystem,' said Dmitry Kalinin, malware analyst at Kaspersky Threat Research. 'This new version infiltrates the device at the firmware level—before it even reaches the user—pointing to a supply chain compromise. According to the analysis of the open sources, attackers have already funneled at least $270,000 in stolen cryptocurrency to their wallets, though the actual total may be higher due to the use of untraceable coins like Monero.'
Kaspersky solutions detect this variant as Backdoor.AndroidOS.Triada.z.
First discovered in 2016, Triada has continually evolved, leveraging system-level privileges to execute fraud, hijack SMS authentication, and evade detection. This latest campaign marks a concerning escalation, as attackers potentially exploit supply chain flaws to deploy firmware-level malware on counterfeit devices.
Related Articles


Daily Tribune
4 days ago
Telegram to get $300 mn in partnership with Musk's xAI
TDT | New York Telegram established a partnership with Elon Musk's xAI to provide the Grok generative artificial intelligence program on the messaging service for one year, Telegram's CEO announced yesterday. In exchange for implementing Grok across its platforms, Telegram will receive $300 million in cash and equity, plus 50 percent of the revenue from xAI subscriptions sold via Telegram, Telegram's chief Pavel Durov announced on X, the former Twitter. Grok will be accessible on Telegram this summer, Durov said. The terms of the deal may appear unbalanced, but the transaction allows xAI, which in late March acquired Musk's X platform, to have access to Telegram's user base, which Durov estimated at more than one billion users. Generative AI businesses have been aiming to grow their user base in order to recover revenues after huge investments in the state-of-the-art technology. Grok 3 is also going up against OpenAI's chatbot, ChatGPT -- pitting Musk against collaborator-turned-arch rival Sam Altman.


Syyaha
21-05-2025
HONOR Commits to 6-Years of Android Updates for the Upcoming HONOR 400 Series
[Shenzhen, China – May 21, 2025] Following Google I/O 2025, global technology brand HONOR today announced its commitment to providing 6 years[1] of Android™ updates for its upcoming HONOR 400 Series. This series will also feature advanced AI capabilities built using Google technology.
At the Forefront of Android Development and Implementation
Building on its long-standing collaboration with Google, HONOR is among the first to bring the latest Android experience to its users. This collaboration enables HONOR to provide developers with quick access to the latest Android releases, allowing users to experience the most recent and secure Android[2] features without delay. Last year, HONOR led the industry by being among the first to release the Android 15 Beta version to HONOR developers. Continuing this tradition of innovation, the Android 16 Beta 3 version has already been made available to developers on the HONOR Magic7 Pro since May 7th.
Fostering Open Collaboration in the Intelligent Era
HONOR's commitment to open collaboration stands as a cornerstone of the HONOR ALPHA PLAN, which aims at co-creating an open, value-sharing ecosystem with global partners. The deepening long-term partnership between HONOR and global partners exemplifies the essence of the HONOR ALPHA PLAN in action. With HONOR 400 Series, users can explore different possibilities with AI Image to Video[3] generation on Vertex using Google's state of the art video generation model, Veo 2. The feature transforms static images – ranging from real photos and AI-generated artwork to precious old photographs – into captivating 5-7 second short videos and live photos. Technology enthusiasts and consumers alike can look forward to the launch of the HONOR 400 Series, which promises to deliver these advanced AI capabilities through the power of open collaboration.
[1] HONOR 400 Series users in the EU are the first to benefit from the 6 years of Android™ updates.
[2] Google and Android are trademarks of Google LLC.
[3] It will be upgraded via OTA. The specific implementation effect may vary depending on the usage scenario, please refer to the actual Initial Sale Period (excluding Latin America and Eurasia): Duration: May 15 – August 31, 2025. Users can claim 2 months of free access via the photo gallery. Extension eligibility will be assessed based on actual usage frequency. Offer Details: After claiming the free access, users can enjoy up to 10 free uses per day within the 2-month period. Note: Offer availability and details vary by region. Please refer to the actual user experience. Avoid using photos of celebrities, political figures, national flags and other sensitive information to prevent risk control.


Gulf Insider
21-05-2025
How Hackers Can Control Your Phone With "Zero-Click" Attack
In 2025, most people are inseparable from their laptops and smartphones. With that familiarity has come a wariness of the dangers of clicking on unsolicited emails, SMS, or WhatsApp messages. But there is a growing menace called zero-click attacks, which have previously targeted only VIPs or the very wealthy because of their cost and sophistication.
A zero-click attack is a cyberattack that hacks a device without the user clicking anything. It can happen just by receiving a message, call, or file. The attacker uses hidden flaws in apps or systems to take control of the device, with no action needed from the user and the user remains unaware of the attack.
'Although public awareness has increased recently, these attacks have steadily evolved over many years, becoming more frequent as smartphones and connected devices proliferated,' Nathan House, CEO of StationX, a UK-based cybersecurity training platform, told The Epoch Times. 'The key vulnerability is in the software, rather than the type of device, meaning any connected device with exploitable weaknesses could potentially be targeted,' he said.
Aras Nazarovas, an information security researcher at Cybernews, told The Epoch Times why zero-click attacks usually target VIPs, rather than ordinary individuals. 'Since finding such zero-click exploits is difficult and expensive, most of the time such exploits are used to gain access to information from key figures, such as politicians or journalists in authoritarian regimes,' he said. 'They are often used in targeted campaigns. Using such exploits to steal money is rare.'
In June 2024, the BBC reported that social media platform TikTok had admitted that a 'very limited' number of accounts, including those of media outlet CNN, had been compromised. While ByteDance, the owner of TikTok, did not confirm the nature of the hack, cybersecurity companies such as Kaspersky and Assured Intelligence suggested it stemmed from a zero-click exploit.
'The part that requires high levels of sophistication is finding bugs that allow such attacks and writing exploits for these bugs,' Nazarovas said. 'It has been a billion-dollar market for years, selling zero-click exploits and exploit chains. Some gray/dark market exploit brokers often offer $500,000 to $1 million for such exploit chains for popular devices and apps.'
Nazarovas added that while ordinary users have been hit in the past by zero-click 'drive-by' attacks, which emerge after the unintentional installation of malicious software onto a device, often without the user even realizing it, such attacks have become more infrequent with the growing gray market for such exploits.
House said zero-click exploits often seek out vulnerabilities in software and apps that are expensive to discover, which means the perpetrators are usually 'nation-state actors or highly-funded groups.'
Although there have been recent innovations in AI that have made certain cyber crimes, such as voice-cloning or vishing, more prevalent, Nazarovas says there is no evidence yet that it has increased the risk from zero-click attacks. House said people could use AI to 'write zero-click exploit chains for people who would have otherwise lacked the time, experience, or knowledge to be able to discover and write such exploits.' But, he said, the increase in zero-click attacks in recent years, 'stems mainly from expanded spyware markets and greater availability of sophisticated exploits, rather than directly from AI-driven techniques.'
He said zero-click attacks have existed for more than a decade, the most infamous of which was the Pegasus spyware affair. In July 2021, The Guardian and 16 other media outlets published a series of articles, alleging that foreign governments used the Israeli-based NSO Group's Pegasus software to surveil at least 180 journalists and numerous other targets around the world.
Alleged targets of Pegasus surveillance included French President Emmanuel Macron, Indian opposition leader Rahul Gandhi, and Washington Post writer Jamal Khashoggi, who was slain in Istanbul on Oct. 2, 2018. In a statement at the time, NSO Group said, 'As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi.'
On May 6, a California jury awarded WhatsApp's parent company, Meta, $444,719 in compensatory damages and $167.3 million in punitive damages, in a privacy case against NSO Group. The WhatsApp complaint was focused on the Pegasus spyware, which, according to the lawsuit, was developed 'to be remotely installed and enable the remote access and control of information—including calls, messages, and location—on mobile devices using the Android, iOS, and BlackBerry operating systems.'
'While ordinary users can occasionally become collateral targets, attackers generally reserve these costly exploits for individuals whose information is especially valuable or sensitive,' Nazarovas said.
According to Nazarovas, corporations offer hackers 'bug bounties' to incentivize them to find these exploits and report them to the company, rather than selling them to a broker who then sells them on to parties who use them illegally.