216.73.217.139

A new version of Triada spreads embedded in the firmware of Android devices

· Published 25/04/2025 16:43 · Modified 25/04/2025 21:12

Export JSON

Essential information

Published
25/04/2025 16:43
Modified
25/04/2025 21:12
Tags
2025-04-25 android credential-theft cryptocurrency firmware reverse proxy sms interception triada trojan
Related entities
1 intrusion sets (apt), 3 techniques (mitre), 1 malware, 5 others

Description

Kaspersky researchers have discovered a new version of the being distributed through infected device . The malware is embedded into system files before devices are sold, making it nearly impossible to remove. It infects the Zygote process to compromise all apps on the device. The 's modular architecture allows attackers to deliver targeted payloads for stealing , credentials, and other sensitive data from popular apps like WhatsApp, Facebook, and banking apps. It can also intercept SMS messages, make calls, and act as a . Over 4,500 infected devices have been detected worldwide, with the highest numbers in Russia, UK, Netherlands, Germany and Brazil. The attackers have stolen over $264,000 in so far.

External references