Tuesday, May 6, 2025
HomeTorjan Horses/wormsTrojan found Pre-installed On Cheap Android Smartphones

Trojan found Pre-installed On Cheap Android Smartphones

Published on

SIEM as a Service

Follow Us on Google News

Security researchers from Dr.web found Trojan preinstalled on several mobile devices, along with Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

Android.Triada families use to embed in system libraries that used in launching applications on mobile devices. Android.Triada.231 that detected by Dr.web doesn’t try to root the phones and to escalate privileges as like other Trojan in the family.

Android.Triada.231 is embedded into libandroid_runtime.so which get control each time when the system makes records on the log. Zygote used in the process of launching Trojan for the first time.

Also Read Google Blocked a new Spyware Family Lipizzan

- Advertisement - Google News

Trojan once executed use to create a working directory launch it’s parameters and check for the environment it is running. If it is Dalvik environment(discontinued by Google) trojan use to launch attacks immediately after they start. Dr.web published a detailed report.

The major role of Android.Triada.231 is to run silently and to download additional modules. As the Trojans are included within system libraries it is not possible to delete using standard methods.

Moreover, Android.Triada.231 can extract the module Android.Triada.194.origin from libandroid_runtime.so, which is stored in the library in the encrypted form. Its main function is downloading additional malicious components from the Internet, as well as ensuring their interaction with each other. Says Dr.Web

The best method to get rid of the Trojan infection is to install the clean Android firmware.It is capable of penetrating various application modules, attackers can make use of trojan to download malicious plugins for stealing confidential information from bank applications, messengers etc.

Also Read CowerSnail Backdoor from the Developers of SambaCry

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

MnuBot – New Banking Trojan Take Browsers Screenshots, Keylogging to Steal Bank Data

Newly discovered banking Trojan named MnuBot malware spreading to steal the sensitive bank related...

New Banking Trojan IcedID Evade Sandboxes and Performing Web Injection Attacks

A New Banking Trojan dubbed IcedID discovered that capable of performing some dangerous web-based...

Silence Trojan Targeting Financial Institutions Recording day to day activity on Bank Employees’ PCs

Security experts from Kaspersky lab discovered a new trojan dubbed Silence trojan that targeting Financial...