Google Acknowledges Having Android Backdoor Triada
On June 6, 2019, Google released a case study of very intelligent hackers who were trying to plant a backdoor in Android phones. It concerns a family of apps called “Triada” that can place spam and ads on the device. After a brief overview of its beginnings in 2016 and the operation of the first version, Google's account took a surprising turn: Triada developed a method for getting malware onto Android phones so that it is ready to use even before customers open the box or install an application.
The key is that many smartphone manufacturers do not have the tools to develop some features, and they depend on third-party vendors to build them. This third party then becomes the attack vector.
Triada’s story began when Kaspersky Lab researchers discovered it early in 2016. According to Google, the purpose of the Android malware was “primarily to install anti-spam applications on devices displaying advertisements.” Lukasz Siewierski, a reverse engineer on Google’s security and privacy team for Android, said Triada was way ahead of schedule.
If you are reading this, it is very unlikely that a mobile phone you purchased has been affected. Google didn’t mention the names of the devices infected by Triada. According to an analysis by the anti-malware software vendor Dr. Web, the backdoors were found on devices from the Chinese manufacturers Leagoo and Nomu, which were not sold in the United States.
Earlier this year, Forbes reported the discovery of a banking Android Trojan called Triada on many new low-priced Android smartphones. Google has now confirmed that the threat actors have successfully compromised Android smartphones by installing backdoors as part of a supply chain attack.
“The method used by Triada is complicated and unusual for this type of application,” wrote Siewierski in a blog post. “The Triada app is launched as a root Trojan, but as Google Play Protect strengthened defenses against root attacks, Triada apps were forced to adapt, progressing to a system image backdoor.”
Although Google has added Android features against threats such as Triada, in the summer of 2017 the malware took a different and unusual approach and attacked the supply chain, so that the backdoor came pre-installed on budget mobile phones.
As for Triada, the analysis by Google's Lukasz Siewierski on the blog confirms the existence of the backdoor in the latest Android smartphones.