
Some Low-End Android Phones Included Trojan Software

August 12, 2017 | March 1st, 2023 | Cybersecurity

A few low-end Android phones have been found to be infected with the Triada Trojan, according to the Russian cybersecurity firm Dr. Web, which discovered a variant of the malware lurking inside the Android OS Zygote core process.

In this instance, the likeliest point of insertion was via a third-party vendor, somewhere in the phone manufacturer’s supply chain.

This type of attack is becoming increasingly commonplace as hackers gain ever more sophistication and attempt more complex hacking operations.

What is not known at this point is whether the hack originated from some outside agency invading and infecting a third-party firmware vendor and then piggybacking on its code, or whether the attack originated from a third-party vendor itself. In recent months, we’ve seen instances of both.

For example, the companies Adups and Ragentek have both been found to embed backdoors into the firmware they sell to low-cost Android smartphone vendors. Then, they use those backdoors for their own ends at some point down the road, which causes the smartphone manufacturer to lose both credibility and market share when the word gets out.

The matter is still under investigation, and it should be noted that the Trojan has only been found on a select few phones, so the infection is quite small in scale and scope. Nonetheless, if you own one of the following models, check it to see if you’re infected:

• Leagoo M5 Plus
• Leagoo M8
• Nomu S10
• Nomu S20

As to Triada itself, the malware began life as a fairly simple Android banking Trojan. Since its initial discovery in March of 2016, the hackers who own and control it have been busy making improvements and adding a range of features, making it increasingly robust and dangerous. These days, it’s considered an all-around threat, capable of not only stealing your banking data, but also looking through your browser history and even downloading other malicious apps without your input or knowledge.

Because the Trojan infects the phone’s core process, it’s got root-level access, and could be directed to do anything the hackers want. Thankfully, the number of infections is quite small at the moment, but as we have seen, that can change quickly.

Jason Manteiga
