Security company Dr. Web has discovered new malware that comes pre-installed on a number of Android devices, warning that cybercriminals can use the infection to download and install additional payloads on compromised smartphones.
The most important part of the story is without a doubt the list of devices that ship with the pre-loaded malware, but fortunately, only a small number of customers are likely to be affected.
The malicious program was discovered on a number of Chinese Android smartphones, the security firm says, including Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
Called Android.Triada, the Trojan horse is embedded into the firmware of the mobile devices by “insiders or unscrupulous partners,” Dr. Web says, and it takes control of the libandroid_runtime.so module. The malware can inject its files into Zygote, the core Android process that runs at system boot, which means that the Trojan horse itself is loaded every time the device is started.
Triada can thus compromise pretty much any application installed on the device since it’s running all the time, and Dr. Web notes that it’s primarily aimed at allowing attackers to deploy additional malware on a compromised Android smartphone. This means that virus writers can take control of the entire device with the right malware, especially because Triada can help disable security software on your device.
Submitted by: Arnfried Walbrecht