Low-Budget Androids Come Preinstalled With Triada Trojan

Android is and will remain the most popular mobile operating system in the world for the foreseeable future. This means there are quite a few low-budget devices available to consumers all over the world. Not all of the companies behind these cheaper options are taking security very seriously. Some low-budget Android devices come with the Triada Trojan as part of their firmware.

Triada Trojan on Android Is a Bad Sign

According to the researchers who discovered this Trojan, the malware has been found as part of the firmware on several low-budget Android smartphones. Among the models affected are Leagoo’s MN5 Plus and M8, as well as Nomu’s S10 and S20. Only a small portion of the available models in circulation is affected by the Triada Trojan, which hints at a supply chain compromise more than anything else.

It is upsetting to see Android devices coming preinstalled with a well-known mobile Trojan. Although the Android ecosystem is prone to malware of all types, malicious software is often installed after the devices are shipped. The affected models mentioned above have some units having Triada as part of their out-of-the-box firmware, which is disconcerting. It is unclear how this occurred exactly, but an investigation is underway.

Triada is an Android Trojan which goes back all the way to March of 2016 when the malware seemingly operated as the average banking Trojan. It remains unknown how much damage this software caused when everything was said and done. Triada since grew to become an all-around threat which could be used for any type of nefarious activity affecting Android users. In some cases, it was used to steal information or login credentials, whereas in other instances it simply aimed to present backdoor access to criminals.

This newer version is designed to automatically receive root access as part of the Zygote core OS process. This means the malware developer could do any type of harm to the infected Android device. This also means the current version is more than capable of stealing credentials or installing additional applications such as malware, ransomware, or other undesirable software.

For the time being, the most logical explanation is that Triada was installed due to a supply chain compromise. It is not the first time such a thing has happened, as we saw a similar compromise in December of 2016. It shows supply chains need to work on becoming a lot more secure in the future.

The bigger question is what can be done to resolve this problem sooner rather than later. It does not appear a patch will be issued to fix the firmware, although that situation may change in the future. Low-budget hardware manufacturers have a reputation to uphold, and they will need to take some course of action to help customers. Leagoo is a well-known brand which has been making waves in the Western world of late. It would be a shame to see companies like it go out of business due to a Trojan.