Cyber Security News

New Triada Malware Targets Android Devices by Replacing Phone Numbers During Calls

Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware targeting Android devices.

This variant has been found pre-installed in the firmware of counterfeit smartphones mimicking popular models, often sold at discounted prices through unauthorized online stores.

The malware poses significant risks to users, with more than 2,600 cases reported globally, primarily in Russia.

The Trojan infiltrates the system framework of infected devices, embedding itself into every process on the smartphone.

This enables attackers to exert nearly unlimited control over the device.

The malware’s capabilities include stealing user accounts from messaging apps like Telegram and TikTok, intercepting and manipulating SMS messages, and replacing cryptocurrency wallet addresses to divert funds during transactions.

It can also monitor browser activity, redirect links, and replace phone numbers during calls to reroute communications to attackers’ desired contacts.

Supply Chain Compromise and Financial Impact

Experts believe the malware enters devices during manufacturing or supply chain processes before reaching consumers.

Dmitry Kalinin, a cybersecurity expert at Kaspersky Lab, noted that unauthorized retailers may unknowingly distribute infected smartphones.

Analysis of financial transactions linked to the malware revealed that attackers have transferred approximately $270,000 in various cryptocurrencies to their wallets.

The actual figure may be higher, because the attackers also use Monero, a privacy-focused cryptocurrency that is difficult to trace.

The Triada Trojan has long been recognized as one of the most complex threats to Android devices.

Its latest iteration demonstrates advanced monetization strategies by targeting cryptocurrency transactions and premium SMS services.

Additionally, it can download and execute other malicious software on compromised devices while blocking network connections to disrupt anti-fraud systems.

Recommendations for Users

To mitigate risks associated with pre-installed malware like Triada, Kaspersky Lab advises consumers to purchase smartphones exclusively from authorized distributors.

Installing robust security solutions immediately after purchase is also recommended. Tools such as Kaspersky for Android can help detect and neutralize threats on infected devices.

The discovery highlights ongoing vulnerabilities in supply chains and underscores the importance of cybersecurity measures for mobile devices.

As cyber threats evolve, users must remain vigilant against risks posed by counterfeit hardware and pre-installed malware.

Kaspersky Lab continues to monitor developments related to Triada and other mobile threats, leveraging its expertise in cybersecurity to protect users worldwide.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
