Kaspersky researchers have discovered traces of Triada, a formidable and recalcitrant virus, on thousands of Android smartphones. The malware infected 2,600 phones between March 13 and 27, 2025. A large proportion of the infections occurred on Russian soil.
Counterfeit Smartphones and Factory Infection
The virus was found in counterfeit smartphones, designed to imitate popular phone models. These copies are sold at minimal prices online in an attempt to attract consumers looking to save money.
Emerged in 2016, Triada is generally hidden within bargain-basement Android smartphones. In most cases, the virus was implanted at the factory by unscrupulous developers. Hidden deep within the system, the malware is activated as soon as the user turns on the phone for the first time.
A virus implanted deep within Android
This is a modified version of the malware that was uncovered by Russian researchers. The latest version of Triada is integrated directly into the firmware of Android phones, i.e., deep within the system, from the moment the device is manufactured. Therefore, it is not possible to uninstall the virus.
Data and Crypto Theft
As Kaspersky explains, Triada is primarily programmed to steal personal data from users. After the first activation, it will take over social media or messaging accounts. The malware will also impersonate the victim by sending messages on WhatsApp or Telegram. These messages are used to spread other malware. Similarly, Triada intercepts, sends, or can delete users' text messages.
Russian researchers reveal that Triada is responsible for the theft of $270,000 in cryptocurrency. While searching through its victims' smartphones, the virus came across applications that allow the exchange of digital assets. It then replaced the blockchain address to which users send their funds with an address held by the hackers. The victims then transferred their cryptos to hackers without realizing it.
The virus is also capable of installing fraudulent applications on users' smartphones. This opens the door to all sorts of abuse. Finally, Triada can subscribe you to paid services via SMS. To avoid unpleasant surprises, we strongly recommend that you avoid purchasing counterfeit smartphones, such as Chinese copies of iPhones, from online stores. By doing so, you are entrusting your entire digital life to cybercriminals. Kaspersky recommends purchasing “smartphones only from authorized distributors.”
Source: Kaspersky
0 Comments