Recently, Android security company Dr. Web reported that a good number of the Android phones on the market come with a pre-installed Trojan named “Android.Triada.231”. This Trojan is capable of stealing any information it needs.
The company discovered the Trojan in mid-2017 and, after in-depth research, found that over 40 smartphone models are affected by it. These phones are in the low-end category and include devices from Umi, Cubot, Doogee, Leagoo and others.
Dr. Web reported the issue to the companies, and in one particular case it was discovered that the culprit behind the Trojan was a partnership with a software development company in Shanghai. The contract required the OEMs to pre-install one of that company's applications in the operating system.
How “Android.Triada.231” works
This malware is extremely dangerous because it runs from the moment the phone starts, while the early setup processes are running. This could lead to serious situations.
According to Dr. Web, the Trojan infects an important Android process named “Zygote”. This process launches all the apps in Android. Thus, once the Trojan is inside the module, it can get inside each and every application that runs on the system.
Thus, the Trojan obtains the ability to carry out any malicious activity without the user’s notice. It also cleverly downloads and launches additional software. “Android.Triada.231” resides in the file “libandroid_runtime.so”, an important system library of the Android operating system. Its main feature is that this Trojan isn’t distributed as additional software; it infects the system during manufacturing. Users who purchase the phone get the Trojan built in.
The number of possibly infected devices could go even higher. For now, the 40 models are the ones confirmed to be compromised by the Trojan. There could be other phones with the same issue as well.
How to stay secure
Removing the Trojan is not an easy process. The malware comes built in; in other words, it is part of the system software. General antivirus and security apps can’t remove the Trojan even when they identify it. A system reset doesn’t work either, as the system’s backup image is the source of the Trojan.
The best way to stay secure from this malware is to change the smartphone. If you’re an advanced user, you can try rooting the device and fixing the problem with antivirus software, or installing a custom ROM.
Here’s the complete list of all the infected (confirmed) devices. Take quick action if you own any of these.
- Leagoo M5
- Leagoo M5 Plus
- Leagoo M5 Edge
- Leagoo M8
- Leagoo M8 Pro
- Leagoo Z5C
- Leagoo T1 Plus
- Leagoo Z3C
- Leagoo Z1C
- Leagoo M9
- ARK Benefit M8
- Zopo Speed 7 Plus
- UHANS A101
- Doogee X5 Max
- Doogee X5 Max Pro
- Doogee Shoot 1
- Doogee Shoot 2
- Tecno W2
- Homtom HT16
- Umi London
- Kiano Elegance 5.1
- iLife Fivo Lite
- Mito A39
- Vertex Impress InTouch 4G
- Vertex Impress Genius
- myPhone Hammer Energy
- Advan S5E NXT
- Advan S4Z
- Advan i5E
- STF AERIAL PLUS
- STF JOY PRO
- Tesla SP6.2
- Cubot Rainbow
- EXTREME 7
- Haier T51
- Cherry Mobile Flare S5
- Cherry Mobile Flare J2S
- Cherry Mobile Flare P1
- NOA H6
- Pelitt T1 PLUS
- Prestigio Grace M5 LTE
- BQ 5510
source: Softpedia