Categories: Torjan Horses/worms

Trojan found Pre-installed On Cheap Android Smartphones

Security researchers from Dr.web found Trojan preinstalled on several mobile devices, along with Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

Android.Triada families use to embed in system libraries that used in launching applications on mobile devices. Android.Triada.231 that detected by Dr.web doesn’t try to root the phones and to escalate privileges as like other Trojan in the family.

Android.Triada.231 is embedded into libandroid_runtime.so which get control each time when the system makes records on the log. Zygote used in the process of launching Trojan for the first time.

Also Read Google Blocked a new Spyware Family Lipizzan

Trojan once executed use to create a working directory launch it’s parameters and check for the environment it is running. If it is Dalvik environment(discontinued by Google) trojan use to launch attacks immediately after they start. Dr.web published a detailed report.

The major role of Android.Triada.231 is to run silently and to download additional modules. As the Trojans are included within system libraries it is not possible to delete using standard methods.

Moreover, Android.Triada.231 can extract the module Android.Triada.194.origin from libandroid_runtime.so, which is stored in the library in the encrypted form. Its main function is downloading additional malicious components from the Internet, as well as ensuring their interaction with each other. Says Dr.Web

The best method to get rid of the Trojan infection is to install the clean Android firmware.It is capable of penetrating various application modules, attackers can make use of trojan to download malicious plugins for stealing confidential information from bank applications, messengers etc.

Also Read CowerSnail Backdoor from the Developers of SambaCry

Priya James

View Comments

Recent Posts

Massive Hacking Forum Network Dismantled by Authorities, Impacting 10M Users

Authorities have delivered a major blow to the cybercrime world by dismantling two of the…

20 minutes ago

Microsoft Enhances M365 Bounty Program with New Services & Rewards Up to $27,000

Microsoft has announced updates to its Microsoft 365 (M365) Bug Bounty Program, offering expanded services,…

29 minutes ago

Tata Technologies Hit by Ransomware Attack, Some IT Services Suspended

Tata Technologies, a leading provider of engineering and IT services, has reported a ransomware attack…

1 hour ago

Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…

12 hours ago

New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages

Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…

13 hours ago

500 Million Proton VPN & Pass Users at Risk Due to Memory Protection Vulnerability

Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…

13 hours ago