Malicious Code Found in Bargain Phones: Protect Your Data!


A cheap smartphone offer can seem extremely tempting at first glance. But anyone who falls for such bargains risks high costs afterwards. Security researchers warn that some of these devices come with malicious code already installed as standard.
When shopping online, the chance to buy well below the usual market price is particularly tempting. But this decision can quickly backfire, because fake Android smartphones delivered with a pre-installed Trojan are currently appearing. These devices look like models from well-known brands, but can do much more than just make phone calls: they can spy on apps, read chats, take over accounts, manipulate payments, or even take out unwanted paid subscriptions. And all this without the need to introduce an additional virus: the malware "Triada" is already deeply embedded in the firmware of the devices when they are delivered.
Triada is Embedded in the System
The IT security service provider Kaspersky is warning about a newer version of the Triada malware. The malicious code presumably reaches the counterfeit devices, which can be found in online stores, via manipulated components within the supply chain. Particularly insidious: Triada is already active when the smartphone is first switched on, hidden in the system partitions. This makes the Trojan almost impossible to remove without expert help.
Triada gains comprehensive access rights to all running apps, and specific modules have been specially created with popular applications in mind. One example: In WhatsApp, a module collects data every five minutes and sends it to an external C2 server. Meanwhile, another module ensures that the Trojan can independently send, receive, or delete messages.
But that's not all. The malware can also read incoming SMS messages and even respond to them. In this way, those affected are signed up for paid services without noticing. As many services use SMS for two-factor authentication, there is also a risk that other online accounts will be taken over, even if they are not linked to the infected smartphone.
Crypto and Banking Users are Particularly at Risk
Anyone who owns cryptocurrencies must be particularly vigilant. This is because the malware searches the clipboard for wallet addresses and replaces them with an address controlled by the attacker. Payments can thus be secretly redirected. According to the German Federal Office for Information Security (BSI), Triada can also manipulate other financial transactions. In addition, the Trojan can download and install malware from the Internet on its own. A detailed list of all known functions of the Triada malware can be found in Kaspersky's full report.
Smartphone Users Must Be Careful
It is safest to buy smartphones exclusively from official and authorized dealers. This significantly reduces the risk of ending up with a manipulated device. A virus scanner can also help detect Triada's presence under certain circumstances. It is also advisable to pay attention to any unusual behavior of your own device. For example, if advertising pages suddenly appear while surfing because URLs have been redirected, this can be an indication of malware.
If an infection is suspected, the device should no longer be used for sensitive activities such as online banking or other financial transactions. Kaspersky also advises logging out of chat apps and social networks and changing all passwords. A complete clean-up of the system requires the firmware to be overwritten, a step that can only be taken with the appropriate technical knowledge. If you are unfamiliar with this, you should contact the manufacturer or a specialist.