Google confirms Android phones security backdoor


Earlier this year there were reports that a banking Trojan known as Triada had been found on several brand new Android smartphones. Whilst this was widely known, it has only recently been confirmed that the threat did manage to compromise Android security.

Triada was able to install a backdoor in these budget Android phones as part of a supply chain attack. This Trojan is known to be one of the most advanced pieces of malware analysts had encountered. These analysts were able to determine that Triada exists in the infected phone's RAM and uses root privileges to replace system files with malicious ones.

The advanced virus essentially installed a backdoor in any infected device, which meant that any app could be compromised. The Trojan had the ability to execute code in almost any app on the phone. This hack was so advanced simply because the backdoor came factory-fitted with the budget smartphones sold by Android.

Both Google and Android have remained relatively quiet regarding Triada until late this week. Lukasz Siewierski from the Android security team posted a detailed analysis of the Trojan on Google’s security blog. Siewierski stated that the devices were infected through “a third party during the production process”.

The security and privacy expert explained that when a device manufacturer wants to include extra features on their products, they may ask a third party to develop them. In order to achieve this, the company would need to send the entire system image to the third party during the development process. This explains how the devices may have come pre-installed with the Trojan.

Google and Android have released statements detailing that most of the devices infected with the virus were sold within China. However, they have also claimed that they have dealt with the threat and the devices' security is no longer compromised.