40 Low Cost Android Smartphones infected with Triada Banking Trojan


More than 40 models of low-cost Android smartphones were found to be infected with an Android banking Trojan called Triada. These malware-laden smartphones had already been sold globally. The Trojan was discovered by a research team from Dr. Web, a Russia-based antivirus firm. A few days ago, the firm published a list of all 42 Android models that it analyzed and found to be infected with the banking Trojan Android.Triada.231.

Triada is not new Android malware; it was first discovered in early 2016. This dangerous Android banking Trojan can root devices and then infect a core Android operating system process called “Zygote”, which makes it impossible for a user to remove the Trojan without wiping the entire Android device and reinstalling the operating system.

According to Dr. Web, it found the banking Trojan on newly shipped devices from lesser-known brands, based mostly in China, such as Doogee, Leagoo, Vertex, Advan, Cherry Mobile and so on. According to a spokesperson from Dr. Web, the infected devices are sold not only in Russia but all over the globe.

This recent discovery by Dr. Web isn’t entirely new; it is a continuation of previous research from July 2017. At that time, researchers found the very same Triada banking Trojan on four low-cost Android models: Leagoo M5 Plus, Leagoo M8, Nomu S10 and Nomu S20.

At the time of writing, researchers are still looking into the matter and have found exactly 42 smartphone models that came with the malware pre-installed out of the box. Researchers said that their earlier discovery apparently did not dissuade whoever is behind this malware from continuing. As proof, they found Triada pre-installed on Leagoo M9 phones, a model launched in December last year.

Dr. Web reached out to all the affected vendors, as it believed that one of the vendors’ shared resellers was injecting the banking Trojan before the devices shipped. However, it turned out that a software developer from Shanghai was responsible for injecting the Triada banking Trojan.

“This company provided Leagoo with one of its applications to be included into an image of the mobile operating system, as well as with an instruction to add third-party code into the system libraries before their compilation,” stated the researchers from Dr. Web. “Unfortunately, this controversial request did not evoke any suspicions from the manufacturer. Ultimately, Android.Triada.231 got to the smartphones without any obstacles,” the researchers added.

Researchers from Dr. Web say that this Triada-laden application developed by the Shanghai company was signed with the very same certificate seen in another malware case back in November 2016, in which an Android app with over a million downloads in the Google Play Store was infecting users with the Android.MUIDrop adware.

At the end of the day, it’s the same old story: users are the ones who suffer the consequences when companies fall short in validating their software supply chain.

The list laid out below shows the Android smartphone models infected with the Triada banking Trojan discovered by Dr. Web:

  1. Leagoo M5
  2. Leagoo M5 Plus
  3. Leagoo M5 Edge
  4. Leagoo M8
  5. Leagoo M8 Pro
  6. Leagoo Z5C
  7. Leagoo T1 Plus
  8. Leagoo Z3C
  9. Leagoo Z1C
  10. Leagoo M9
  11. ARK Benefit M8
  12. Zopo Speed 7 Plus
  13. UHANS A101
  14. Doogee X5 Max
  15. Doogee X5 Max Pro
  16. Doogee Shoot 1
  17. Doogee Shoot 2
  18. Tecno W2
  19. Homtom HT16
  20. Umi London
  21. Kiano Elegance 5.1
  22. iLife Fivo Lite
  23. Mito A39
  24. Vertex Impress InTouch 4G
  25. Vertex Impress Genius
  26. myPhone Hammer Energy
  27. Advan S5E NXT
  28. Advan S4Z
  29. Advan i5E
  30. STF AERIAL PLUS
  31. STF JOY PRO
  32. Tesla SP6.2
  33. Cubot Rainbow
  34. EXTREME 7
  35. Haier T51
  36. Cherry Mobile Flare S5
  37. Cherry Mobile Flare J2S
  38. Cherry Mobile Flare P1
  39. NOA H6
  40. Pelitt T1 PLUS
  41. Prestigio Grace M5 LTE
  42. BQ 5510