Triada, a data-stealing virus which infects the Android operating system process dubbed Zygote, may consequently impact other applications and perform a plethora of malicious operations behind the user’s back, according to Doctor Web, a Russia-based security firm.
The malware has been designed to penetrate a device's firmware during manufacturing, which means, Doctor Web security experts argue, that users "receive their devices already infected from the box."
#Android: fundamentally insecure, not worth the risk. Infected OUT OF THE BOX!?! Dear god. #fb https://t.co/EqpsVTcopC
— Basexperience™. 🅿️ (@basexperience) March 3, 2018
Russian antivirus giant Kaspersky Lab previously labelled the Triada malware as highly advanced and stealthy, performing various malicious activities without alerting the targeted users. According to the company, the malware is also considered challenging, if not almost impossible, to detect and remove.
"The complexity of the Triada Trojan's functionality proves the fact that very professional cybercriminals, with a deep understanding of the targeted mobile platform, are behind this malware," Kaspersky Lab researchers said in an earlier report.
The malware was first spotted in the China-manufactured Leagoo M9 smartphone, unveiled late last year. The list further included about forty devices, among them the Leagoo M5, Leagoo M5 Plus, Leagoo M8, Leagoo Z1C, Cherry Mobile Flare S5 and many more.
Doctor Web researchers said in a blog post that the Trojan’s penetration into hardware was initially requested by a Leagoo partner, a software developer from Shanghai. Experts, though, have issued a warning that the number of infected smartphones could be higher, and said that the malware can be deleted manually or, optionally, by rooting the device.