Some Android smartphones from Chinese OEMs found to be pre-loaded with Triada Trojan

Despite Google's best efforts to improve Android's security, the platform's malware situation is still quite a mess. Just a few days ago, security researchers at Google revealed "Lipizzan", a strain of malware that is capable of recording calls, capturing photos and monitoring other activity. This time, another security research firm has shed some light on a pre-loaded Trojan discovered in several Chinese smartphones.

The Triada Trojan found by researchers at Dr. Web is said to be one of the most sophisticated malware strains, as it injects itself into Android's parent process, called Zygote. Since Zygote is active throughout the phone's uptime, the Trojan gets access to the context of any application that is running at the time. In its latest incarnation, the Trojan has been updated to become untraceable, with the help of a sandboxing mechanism.

Dr. Web researchers have revealed that the core Android library "libandroid_runtime.so" on smartphones such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20 was found to be injected with this Triada Trojan. It is suspected that the ROM makers, or someone else with access to the Android code used on these devices, could have added the malicious bits to the library before shipping it on to the devices.

The manufacturers have been notified about the malware, but it remains to be seen whether these low-cost devices will see any updates. It is of concern that many Chinese manufacturers use a common ROM and customize it to fit their needs, making it easier for miscreants to target a wide set of users with such malware.

Source: Security Week
