Android Trojan Triada Spotted In Wild By Kaspersky Lab

Android users have been warned to look out for a nasty new Trojan that has been spotted in the wild by security researchers.

Kaspersky Lab is warning that Triada has been written by “very professional cybercriminals” who have a deep understanding of the targeted mobile platform, and that users of Android 4.4.4 and earlier versions of the mobile OS should be especially wary, as it is “nearly impossible” to uninstall.

Very Advanced

Kaspersky warned that Triada exploits Zygote, a core piece of the Android platform which contains system libraries and frameworks used by every application installed on the Android device, and is used to start apps.

It is the first time that technology like this has been seen in the wild, with prior Trojans using Zygote only spotted as a proof-of-concept.

Kaspersky Lab said that because it uses Zygote, once Triada is downloaded and installed it becomes part of the app process, is pre-installed into any application launched on the device, and can even change the logic of the application’s operations.

“The stealth capabilities of this malware are very advanced,” said Kaspersky. “After getting into the user’s device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using antimalware solutions. Triada operates silently, meaning that all malicious activities are hidden, both from the user and from other applications.”

So what does it do? Well, it seems that the Triada Trojan will get unauthorised superuser privileges. It can modify outgoing SMS messages sent by other applications. So when a user, for example, makes in-app purchases via SMS for Android games, the outgoing SMS is modified so that the criminals receive the money instead of the app developers.

“The Triada of Ztrog, Gorpo and Leech marks a new stage in the evolution of Android-based threats,” said Nikita Buchka, junior malware analyst at Kaspersky Lab. “The majority of users attacked by the Trojans were located in Russia, India and Ukraine, as well as APAC countries. It is hard to underestimate the threat of a malicious application gaining root access to a device. They also have a well-thought-out architecture developed by cybercriminals who have a deep knowledge of the target mobile platform.”

And Kaspersky warned that it is nearly impossible to uninstall this malware from a device. If infected, users have to either “root” their device and delete the malicious applications manually, or jailbreak the Android system on the device.

More detailed information about this trojan is available here.

Android Vulnerabilities

Earlier this week Nokia Security Center Berlin revealed that Android remains the worst mobile platform for security.

Nearly all mobile malware infections target Android, although some are now starting to target Apple’s iOS platform as well.

Yet Google is trying to make Android safer. In January it removed 13 malicious Android apps masquerading as games in Google Play, after it emerged they were capable of executing unauthorised commands and code that was difficult to remove.

And in a further effort to improve Android’s security, Google announced last year that Samsung and Google’s Nexus devices would receive monthly security updates.

Tom Jowitt