Android users have been warned to look out for a nasty new Trojan that has been spotted in the wild by security researchers.
Kaspersky Lab is warning that Triada has been written by “very professional cybercriminals” that have a deep understanding of the targeted mobile platform, and that users of Android 4.4.4 and earlier versions of the mobile OS should be especially wary, as it is “nearly impossible uninstall”.
Kaspersky warned that Triada exploits Zygote, a core piece of the Android platform which contains system libraries and frameworks used by every application installed on the Android device, and is used to start apps
It is the first time that technology like this has been seen in the wild, with prior Trojans using Zygote only spotted as a proof-of-concept.
“The stealth capabilities of this malware are very advanced,” said Kaspersky. “After getting into the user’s device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using antimalware solutions. Triada operates silently, meaning that all malicious activities are hidden, both from the user and from other applications.”
So what does it do? Well it seems that the Triada Trojan will get unauthorised superuser privileges. It can modify outgoing SMS messages sent by other applications. So when a user for example makes in-app purchases via SMS for Android games, the outgoing SMS is modified so that the criminals receive the money instead of the app developers.
“The Triada of Ztrog, Gorpo and Leech marks a new stage in the evolution of Android-based threats,” said Nikita Buchka, junior malware analyst at Kaspersky Lab. “The majority of users attacked by the Trojans were located in Russia, India and Ukraine, as well as APAC countries. It is hard to underestimate the threat of a malicious application gaining root access to a device. They also have a well-thought-out architecture developed by cybercriminals who have a deep knowledge of the target mobile platform.”
And Kaspersky warned that it is nearly impossible to uninstall this malware from a device. If infected, users have to either “root” their device and delete the malicious applications manually. Or the second option is to jailbreak the Android system on the device.
More detailed information about this trojan is available here.
Earlier this week Nokia Security Center Berlin revealed that Android remains the worst mobile platform for security.
Nearly all mobile malware infections target Android, although some are now starting to target Apple’s iOS platform as well.
Yet Google is trying to make Android safer. In January it removed 13 malicious Android apps masquerading as games in Google Play, after it emerged they were capable of executing unauthorised commands and code difficult to remove.
And in a further effort to improve Android’s security, Google announced last year that Samsung and Google’s Nexus devices would receive monthly security updates.
What do you know about Internet security? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…