New month, new malware discovered on Android. A Russian antivirus publisher discovered that a slew of Chinese phones were infected with malware, injected during the installation of the system.
In March 2017, the mobile world became acquainted with the malware Hummingwhale, a small piece of malicious code preinstalled on some Android phones that stole personal information. A year later, here we go again: a new malicious program has been discovered on some Chinese phones. The newcomer is called Android.Triada.231 and has been preinstalled on more than forty smartphone models, according to research from the Russian publisher Dr Web. Chinese phones from the Leagoo and Doogee brands are particularly affected, according to the security researchers. The list (probably not exhaustive) of affected models is available here. According to the company's findings, this piece of malicious code is injected during the compilation of the system by a development partner who, in addition to installing third-party apps, adds code to the software libraries of the OS. A rather unusual request that did not raise an eyebrow among the manufacturers.
A new alarm bell
As a result, Android.Triada.231 benefits from fairly extensive access to OS features and can steal information, execute code, or download apps right under the user's nose. To do this, the malware hides within the Zygote process, which Android uses to launch applications. The malware was actually discovered by the antivirus company in mid-2017, but the extent of the harm it can do has only just been established. For affected phones, the only solution is to remove the piece of code through root access to the system or to reinstall a clean software image. Two options that are clearly not within everyone's reach. Android.Triada.231 is therefore added to the long list of malware discovered in recent years on Google's OS and is yet another reminder of the importance of monitoring software on Android. Most of these threats can be neutralized when the phone runs a recent version of the system and the manufacturer has bothered to deploy recent security patches on its devices. An effort unfortunately too rare in the world of Android.