Users of Android smartphones have been alerted to a number of devices that have dangerous malware pre-installed on them.

Android users are being warned about a series of phones which come with malware preinstalled on them straight out of the box.

Nothing New For Android Users

Android is one of the most popular operating systems in the world, with over two billion devices, mainly smartphones, running the Google mobile OS with new members joining every day.

But some Android users are no strangers to security alerts, with a number of recent widespread threats being circulated with apps found on the official Google Play Store.

Six Android apps that were available for download from the Google Play Store, and that were downloaded a staggering 90 million times in total, were found to have been loaded with the PreAMo malware.

Another recent announcement pointed out 50 malware-filled apps on the Google Play Store that had infected over 30 million Android devices.

New Way To Spread Malware

Now Android fans are being warned about another malware threat, but this time it is not being spread via Google’s official app store.

Google has confirmed that a number of budget Android smartphones were found to have different types of malware pre-installed on them.

As announced in a post by HackRead, malware called Triada was believed to have been installed on these Android phones during the supply chain process.

The Triada malware has the capability to steal sensitive data from banking apps, intercept chat messages from social media, and spy on users.

In a blog post, Google's reverse engineer Lukasz Siewierski said that the creators of Triada collected revenue from the ads displayed by the spam apps. The methods that Triada used were complex and typical for these types of apps. Triada apps on the app store started as rooting trojans, but when Google Play Protect refined its defenses against rooting exploits, Triada apps had to adapt by progressing to a system image backdoor. However, thanks to OEM cooperation and Google's efforts, OEMs prepared system images with security updates that were capable of completely removing the Triada infection.

The Infected Devices

Prior to this Google blog post being published by Lukasz Siewierski, the Triada malware was found to be pre-installed in a series of budget smartphones.

The anti-malware firm Dr. Web found that Triada was loaded onto over 40 Android devices.

These devices were: Cherry Mobile Flare S5, Cherry Mobile Flare J2S, Cherry Mobile Flare P1, ARK Benefit M8, Zopo Speed 7 Plus, UHANS A101, Doogee X5 Max, Doogee X5 Max Pro, Doogee Shoot 1, Doogee Shoot 2, Tecno W2, Homtom HT16, Umi London, Kiano Elegance 5.1, iLife Fivo Lite, Mito A39, Vertex Impress InTouch 4G, Vertex Impress Genius, myPhone Hammer Energy, Advan S5E NXT, Advan S4Z, Advan i5E, STF AERIAL PLUS, STF JOY PRO, Tesla SP6.2, Cubot Rainbow, Haier T51, NOA H6, Pelitt T1 PLUS, Prestigio Grace M5 LTE, BQ 5510, EXTREME 7, Leagoo M5, Leagoo M5 Edge, Leagoo M5 Plus, Leagoo M8 Pro, Leagoo M8, Leagoo Z5C, Leagoo T1 Plus, Leagoo Z3C, Leagoo Z1C, Leagoo M9.

Lukasz Siewierski said that the Triada malware mainly targeted Android versions 4.4.2 and older.

The Android Security and Privacy team member explained that the newer versions of the Android OS blocked the process by which the malware obtained root access to a device.

Lukasz Siewierski added that working with the OEMs and supplying them with instructions for removing the threat from devices reduces the spread of preinstalled Triada variants and removes infections from the devices through OTA updates. The Triada case was a good example of how Android malware authors are becoming more adept and sneaky. This case also shows that it is more complex to infect Android devices with malware, especially if the malware author requires privilege elevation.
