There are more than 2 billion Android smartphones in the world, making Google's mobile operating system the world's largest in comparison to iOS and others. While that's a great achievement for the world's largest internet search company, it's also a reason for concern as Android's open source nature welcomes a higher risk of malware and virus attacks.
Attacks on the Android platform have been reported from time to time, but the latest one is more intimidating than those previously cited. Security researchers at Russia-based security firm Doctor Web discovered malware that infects Android smartphones during manufacturing. This means that certain Android smartphones are already infected out of the box.
Triada is the name of the data-stealing malware, which is so advanced that it can perform various malicious activities without alerting the owner of the device. Making things worse, Triada is also stealthy in nature and nearly impossible to detect or even remove. But it has now come to light after Doctor Web researchers detected the malware in a Leagoo M9 smartphone.
"Our analysts' research showed that the Trojan's penetration into firmware happened at the request of the Leagoo partner, the software developer from Shanghai. This company provided Leagoo with one of its applications to be included into an image of the mobile operating system, as well as with an instruction to add third-party code into the system libraries before their compilation. Unfortunately, this controversial request did not evoke any suspicions from the manufacturer," Doctor Web researchers said in a blog dated March 1.
This is quite an alarming revelation, which forces us to question the security practices followed by Android OEMs. Could this be an error, or is it an overlooked practice on the part of OEMs? It's hard to tell, but International Business Times India reached out to Leagoo, which has at least 10 infected models, for a statement on the matter. In response, the company's spokesperson said "we are very seriously focusing on this issue" and that the company will make an official announcement on how to solve the problem soon.
Since Triada infects a core Android component called Zygote, it gets privileged access. Zygote is responsible for launching all applications in an Android system, which gives Triada the ability to infect other apps as well.
More than 40 infected Android smartphone models have been discovered so far, but experts warn the number of infected smartphones could be higher. To begin with, take a look at the smartphones infected by Triada out of the box.
Leagoo M5
Leagoo M5 Plus
Leagoo M5 Edge
Leagoo M8
Leagoo M8 Pro
Leagoo Z5C
Leagoo T1 Plus
Leagoo Z3C
Leagoo Z1C
Leagoo M9
ARK Benefit M8
Zopo Speed 7 Plus
UHANS A101
Doogee X5 Max
Doogee X5 Max Pro
Doogee Shoot 1
Doogee Shoot 2
Tecno W2
Homtom HT16
Umi London
Kiano Elegance 5.1
iLife Fivo Lite
Mito A39
Vertex Impress InTouch 4G
Vertex Impress Genius
myPhone Hammer Energy
Advan S5E NXT
Advan S4Z
Advan i5E
STF AERIAL PLUS
STF JOY PRO
Tesla SP6.2
Cubot Rainbow
EXTREME 7
Haier T51
Cherry Mobile Flare S5
Cherry Mobile Flare J2S
Cherry Mobile Flare P1
NOA H6
Pelitt T1 PLUS
Prestigio Grace M5 LTE
BQ 5510
This is also not the first time Triada has come under the radar. Kaspersky Lab discovered the sly malware in 2016 and warned of its advanced operating methods.
"The complexity of the Triada Trojan's functionality proves the fact that very professional cybercriminals, with a deep understanding of the targeted mobile platform, are behind this malware," Kaspersky Lab researchers wrote.
Does it mean the owners of infected Android smartphones are doomed? Not necessarily. Researchers at Doctor Web say that rooting the device and deleting the malware by installing a clean copy of the OS will help affected users get rid of the malware.
Updated on March 6, 2018, at 1 PM IST to include Leagoo's statement on the matter.