
BleepingComputer reports that at least 3,000 counterfeit Android devices imitating widely known smartphones, most of them in Russia, were confirmed to have shipped with the latest iteration of the modular and stealthy Triada trojan pre-installed.
Aside from pilfering messenger and social media accounts, impersonating victims in WhatsApp and Telegram messages, monitoring browsing activity, intercepting SMS messages, mimicking phone numbers, and remotely downloading apps, the newest Triada variant also targets cryptocurrency wallets and has already exfiltrated nearly $270,000 in crypto assets, according to findings from Kaspersky. While Triada's means of initial compromise remains uncertain, the infections may have been caused by a supply chain intrusion, said Kaspersky researchers. "It is likely that the supply chain is compromised at some point, so even the stores may not realize they're selling phones with Triada," noted the researchers, who advised doubtful users to reflash their devices and urged that devices be purchased only from authorized distributors.