Russia-based security software vendor Dr Web has found malware pre-installed on 42 different budget devices from China. The malware in question is the Android.Triada.231 Trojan, which is close to impossible to remove without rooting the phone and installing a new operating system.
Investigating the outbreak of the malware led researchers to a software developer who was working with Leagoo. It turns out that the developer had asked the smartphone manufacturer to include an app – with instructions to add third-party code to the system library – in its release; a request that was granted with no questions asked.
That said, the malware problem isn’t confined to Leagoo devices. It also extends to those from Doogee, Zopo, Vertex, and Cherry, as well as a range of smartphones from even smaller manufacturers.
Triada is considered to be one of the more dangerous pieces of mobile malware in existence. It is capable of tunneling into Zygote, a core Android process. From there, it can execute a variety of attacks on the unsuspecting user.
What is also disturbing about this attack is that the malware was signed with the same certificate as an earlier attack from 2016. The suspicion is that the two are connected, and that the developer behind this recent distribution was also responsible for the earlier campaign, which shows that whoever it is is not afraid of being caught.
[Source: Dr Web]