Android Trojan Triada Spotted In Wild By Kaspersky Lab

Android users have been warned to look out for a nasty new Trojan that has been spotted in the wild by security researchers.

Kaspersky Lab is warning that Triada has been written by “very professional cybercriminals” who have a deep understanding of the targeted mobile platform, and that users of Android 4.4.4 and earlier versions of the mobile OS should be especially wary, as it is “nearly impossible to uninstall”.

Very Advanced

Kaspersky warned that Triada exploits Zygote, a core piece of the Android platform which contains system libraries and frameworks used by every application installed on the Android device, and which is used to start apps.

It is the first time that technology like this has been seen in the wild, with prior Trojans using Zygote only spotted as a proof-of-concept.

Kaspersky Lab said that because of Zygote, once Triada is downloaded and installed it becomes part of the app process, is pre-installed into any application launched on the device, and can even change the logic of the application’s operations.

“The stealth capabilities of this malware are very advanced,” said Kaspersky. “After getting into the user’s device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using antimalware solutions. Triada operates silently, meaning that all malicious activities are hidden, both from the user and from other applications.”

So what does it do? Well, it seems that the Triada Trojan will get unauthorised superuser privileges. It can modify outgoing SMS messages sent by other applications. So when a user, for example, makes in-app purchases via SMS for Android games, the outgoing SMS is modified so that the criminals receive the money instead of the app developers.

“The Triada of Ztrog, Gorpo and Leech marks a new stage in the evolution of Android-based threats,” said Nikita Buchka, junior malware analyst at Kaspersky Lab. “The majority of users attacked by the Trojans were located in Russia, India and Ukraine, as well as APAC countries. It is hard to underestimate the threat of a malicious application gaining root access to a device. They also have a well-thought-out architecture developed by cybercriminals who have a deep knowledge of the target mobile platform.”

And Kaspersky warned that it is nearly impossible to uninstall this malware from a device. If infected, users have two options: either “root” their device and delete the malicious applications manually, or jailbreak the Android system on the device.

More detailed information about this trojan is available here.

Android Vulnerabilities

Earlier this week Nokia Security Center Berlin revealed that Android remains the worst mobile platform for security.

Nearly all mobile malware infections target Android, although some are now starting to target Apple’s iOS platform as well.

Yet Google is trying to make Android safer. In January it removed 13 malicious Android apps masquerading as games in Google Play, after it emerged they were capable of executing unauthorised commands and code, and were difficult to remove.

And in a further effort to improve Android’s security, Google announced last year that Samsung and Google’s Nexus devices would receive monthly security updates.


Tom Jowitt
