Saturday, May 24, 2025
HomeTorjan Horses/wormsTrojan found Pre-installed On Cheap Android Smartphones

Trojan found Pre-installed On Cheap Android Smartphones

Published on

SIEM as a Service

Follow Us on Google News

Security researchers from Dr.web found Trojan preinstalled on several mobile devices, along with Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

Android.Triada families use to embed in system libraries that used in launching applications on mobile devices. Android.Triada.231 that detected by Dr.web doesn’t try to root the phones and to escalate privileges as like other Trojan in the family.

Android.Triada.231 is embedded into libandroid_runtime.so which get control each time when the system makes records on the log. Zygote used in the process of launching Trojan for the first time.

Also Read Google Blocked a new Spyware Family Lipizzan

- Advertisement - Google News

Trojan once executed use to create a working directory launch it’s parameters and check for the environment it is running. If it is Dalvik environment(discontinued by Google) trojan use to launch attacks immediately after they start. Dr.web published a detailed report.

The major role of Android.Triada.231 is to run silently and to download additional modules. As the Trojans are included within system libraries it is not possible to delete using standard methods.

Moreover, Android.Triada.231 can extract the module Android.Triada.194.origin from libandroid_runtime.so, which is stored in the library in the encrypted form. Its main function is downloading additional malicious components from the Internet, as well as ensuring their interaction with each other. Says Dr.Web

The best method to get rid of the Trojan infection is to install the clean Android firmware.It is capable of penetrating various application modules, attackers can make use of trojan to download malicious plugins for stealing confidential information from bank applications, messengers etc.

Also Read CowerSnail Backdoor from the Developers of SambaCry

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

MnuBot – New Banking Trojan Take Browsers Screenshots, Keylogging to Steal Bank Data

Newly discovered banking Trojan named MnuBot malware spreading to steal the sensitive bank related...

New Banking Trojan IcedID Evade Sandboxes and Performing Web Injection Attacks

A New Banking Trojan dubbed IcedID discovered that capable of performing some dangerous web-based...

Silence Trojan Targeting Financial Institutions Recording day to day activity on Bank Employees’ PCs

Security experts from Kaspersky lab discovered a new trojan dubbed Silence trojan that targeting Financial...