
Counterfeit smartphones at risk of sophisticated cyberattacks


ISLAMABAD – Counterfeit smartphones are vulnerable to cyberattacks due to a pre-installed, sophisticated version of the Triada Trojan.

According to Kaspersky, more than 2,600 users worldwide have been affected. Embedded in the system firmware, the malware operates undetected, granting attackers full control over infected devices.

Unlike typical mobile malware delivered via malicious apps, this variant is integrated into the system framework, infiltrating every running process.

It enables a wide range of malicious activity: stealing messaging and social media accounts, including Telegram, TikTok, Facebook, and Instagram; sending and deleting messages in apps like WhatsApp and Telegram; substituting cryptocurrency wallet addresses; redirecting phone calls by spoofing caller IDs; monitoring browser activity and injecting links; intercepting, sending, and deleting SMS messages; enabling premium SMS charges; downloading and executing additional payloads; and blocking network connections to potentially bypass anti-fraud systems.

Triada Trojan has become the most advanced threat in the Android ecosystem, said Dmitry Kalinin, malware analyst at Kaspersky Threat Research.

He said that the new version infiltrates the device at the firmware level before it even reaches the user. Attackers have already funnelled at least $270,000 in stolen cryptocurrency to their wallets, though the actual total may be higher due to the use of untraceable coins like Monero.

First discovered in 2016, Triada has continually evolved, leveraging system-level privileges to execute fraud, hijack SMS authentication, and evade detection. This latest campaign marks a concerning escalation, as attackers potentially exploit supply chain flaws to deploy firmware-level malware on counterfeit devices.
