That cheap smartphone may look like a steal, but not in the way you wanted.
Cheap counterfeit phones are now being sold preloaded with malware that targets unsuspecting Android users to steal cryptocurrency, swap phone numbers during calls and hijack social media accounts.
Cybersecurity company Kaspersky has reported a new technique for spreading the dangerous Triada Trojan in a recent analysis. Since its discovery in 2016, Triada has evolved into one of the most complex and dangerous Android threats, as it can infiltrate every process on a smartphone.
In the latest iterations, hackers embed malware deeply into the system framework of fake smartphones, making detection and removal extremely difficult.
“Perhaps one of the phases is that stores may not even suspect that they are selling Triadas and smartphones because their supply chains are being breached,” said Dmitry Kalinin, cybersecurity expert at Kaspersky Lab.
Between March 13th and 27th, 2025, more than 2,600 users encountered the Trojan horse, and the malware gave attackers “nearly unlimited control” over their smartphones.
The malware can also steal user credentials from messaging apps such as Telegram and TikTok, replace crypto wallet addresses, and send messages on the victim's behalf to hijack their communications.
As Kaspersky points out, this is probably just the tip of the iceberg. Attackers continue to use these devices for financial gain.
What is the Triada Trojan?
Triada first appeared in 2016 and has since become one of the most sophisticated mobile malware threats targeting Android users.
The modular Trojan gains root access to infected devices and can inject malicious code into system processes such as Zygote, which controls the launch of all apps on Android.
This makes detection very difficult as Triada works primarily in the device’s RAM and is often hidden from traditional security checks.
The latest report stated that Triada could interfere with anti-fraud systems by monitoring web browser activity, replacing links and blocking network connections.
One of the most disturbing features of Triada is its ability to quietly change phone numbers during calls, allowing attackers to intercept sensitive conversations.
Rising Mobile Malware Threats
The revival of Triada follows the recent emergence of other mobile malware strains, such as Crocodilus.
Crocodilus poses as a legitimate app and uses social engineering tactics to steal wallet seed phrases.
Once installed, it can remotely control infected devices, allowing cybercriminals to siphon sensitive data.
Kaspersky recommends updating your device, installing trusted antivirus software, and avoiding apps from unknown sources to prevent these threats.