Free Trojan with Android Devices
Android devices are a standout amongst the most vulnerable operating system due to its open-source nature. Nevertheless, what choice the user has if he is given a phone that is pre-installed with a malware.
A security researcher from Russian cyber security firm Dr.web found that a number of Android devices were sold with pre-installed Trojan, this included; Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. The malicious code was embedded in the android firmware.
According to Dr. Web blog “Android.Triada.231 is embedded into the source code of the library. It can be assumed that insiders or unscrupulous partners, who participated in creating firmware for infected mobile devices, are to be blamed for the dissemination of the Trojan – Android.Triada.231 has embedded into libandroid_runtime.so in a way that it gets control each time when an application on the device makes a record to the system log. The Zygote is launched before other applications, the initial launch of the Trojan is performed by Zygote.”
The trojan is embedded in the system libraries that are used in mobile devices for launching applications. It creates a working directory and then checks for the environment. If it happens to be Dalvik environment the Trojan would start the attack immediately.
The malware Android.Triada works silently and once it finds the space in the android device it downloads the additional modules. This Trojan is embedded into libandroid_runtime which get control each time when the system makes a record in the log. Zygote used in the process of launching Trojan for the first time.
These incidents prove that users need to be extremely careful when going for cheap android phones, look for any fishy app. This should be a concern for all mobile users.
The Android trojan has the ability to penetrate every application module, thus giving the attacker an easy access to your mobile. The malware can download malicious plugins to steal your vital information like bank details, WhatsApp chat and other.
Since this is installed in the system libraries it literally becomes impossible to delete these files using standard processes. Nevertheless, researchers have passed on this information to all major mobile manufacturers to be careful with their devices. For those recent users who bought any phone recently are requested to not skip any update from the manufacturer
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.