A new version of Triada spreads embedded in the firmware of Android devices
April 25, 2025, 9:12 p.m.
Description
Kaspersky researchers have discovered a new version of the Triada Trojan being distributed through infected Android device firmware. The malware is embedded into system files before devices are sold, making it nearly impossible to remove. It infects the Zygote process to compromise all apps on the device. The Trojan's modular architecture allows attackers to deliver targeted payloads for stealing cryptocurrency, credentials, and other sensitive data from popular apps like WhatsApp, Facebook, and banking apps. It can also intercept SMS messages, make calls, and act as a reverse proxy. Over 4,500 infected devices have been detected worldwide, with the highest numbers in Russia, the UK, the Netherlands, Germany and Brazil. The attackers have stolen over $264,000 in cryptocurrency so far.
Date
- Created: April 25, 2025, 4:43 p.m.
- Published: April 25, 2025, 4:43 p.m.
- Modified: April 25, 2025, 9:12 p.m.
Additional Information
- Netherlands
- Germany
- United Kingdom of Great Britain and Northern Ireland
- Brazil
- Russian Federation