A new threat targeting Android devices has recently been detected. This new Trojan infection, called Triada, is just as complex as malicious programs aimed at Windows systems. In most cases, it slithers into a device through apps downloaded from unreliable sources. Android OS 4.4.4 and earlier versions are at the greatest risk of getting infected by this parasite. Let us take a closer look at how Triada works.
As already mentioned, the Trojan gets distributed via unreliable websites. However, it is possible to infect your device by downloading and installing an application from Google Chrome web store as well, because some malware is capable of disguising itself as a legitimate game or app. Moreover, the threat may get installed during the update process or it may even be pre-installed on a smartphone.
The infection was named Triada because it uses three Trojans that work in cooperation with one another: Ztorg, Gorpo, and Leech. These Trojans use root privileges. After gaining root on a device, the parasites can create an advertising botnet and install adware onto it. Worse than that, however, they can also create a backdoor and use it to activate modules that can download, install, and launch malign apps.
What makes this harmful threat different from the others is that it uses Zygote, the parent of all app processes on Android, the only purpose of which is to launch applications. By using Zygote, the Trojan becomes a part of the app process as soon as it enters the device. This means that it gets pre-installed into all apps that are launched on the system. This is the first time that this use of Zygote has been seen in reality, as it was only a concept up until this point.
Once inside, Triada functions silently. It gets implanted into almost every process and exists in short-term memory. The parasite is practically impossible to detect. It makes a profit for its creators by modifying the outgoing messages sent through various apps. If the user makes in-app purchases by sending an SMS, the cyber criminals alter the message so that the money goes to them instead of the developers of the entertainment app or the game.
The Triada Trojan mostly attacks devices located in Russia, Ukraine, and the countries of the Asia-Pacific Region. However, it is more than likely that it will not take too long for it to spread in other countries as well. If a device gets infected by this parasite, there are two removal options to choose from. The first option is to “root” the device and eliminate the malware manually, while the second one is to jailbreak the Android operating system.
Triada should not be underestimated, because it is a complex threat that is capable of infecting the device with other malware and causing other issues. It may be detected under such names as Trojan-SMS.AndroidOS.Triada.a, Trojan-Downloader.AndroidOS.Triada.a, Backdoor.AndroidOS.Triada, Trojan-Banker.AndroidOS.Triada.a, and others.
source: Kaspersky Lab
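Because the detection names listed above differ only in their behaviour class, matching on the family name catches all of them in a scan report. The following is an added example, not part of the original article or vendor tooling: it assumes verdicts follow the layout `[Prefix:]Behaviour.Platform.Family[.Variant]` and that the report is one `path<TAB>verdict` line per object; the sample report lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed verdict layout: [Prefix:]Behaviour.Platform.Family[.Variant]
VERDICT = re.compile(
    r"^(?:(?P<prefix>[A-Za-z-]+):)?"        # optional prefix, e.g. HEUR
    r"(?P<behaviour>[A-Za-z-]+)\."          # e.g. Trojan-SMS, Backdoor
    r"(?P<platform>[A-Za-z0-9]+)\."         # e.g. AndroidOS
    r"(?P<family>[A-Za-z0-9_-]+)"           # e.g. Triada
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?$"    # optional variant letter
)


def parse_verdict(name):
    """Split a detection name into its parts; None if it is not a verdict."""
    match = VERDICT.match(name.strip())
    return match.groupdict() if match else None


def triada_hits(scan_lines, family="Triada", platform="AndroidOS"):
    """Group flagged paths by behaviour class for one malware family."""
    hits = defaultdict(list)
    for line in scan_lines:
        if "\t" not in line:
            continue  # not a path<TAB>verdict line
        path, verdict = line.rsplit("\t", 1)
        parts = parse_verdict(verdict)
        if (parts
                and parts["family"].lower() == family.lower()
                and parts["platform"].lower() == platform.lower()):
            hits[parts["behaviour"]].append(path)
    return dict(hits)


# Constructed sample report (hypothetical paths, assumed line format).
SAMPLE_SCAN = [
    "/data/app/com.example.game-1.apk\tTrojan-SMS.AndroidOS.Triada.a",
    "/system/app/Updater.apk\tBackdoor.AndroidOS.Triada",
    "/data/app/com.example.wallpaper-2.apk\tHEUR:Trojan-Downloader.AndroidOS.Triada.a",
    "/data/app/com.example.notes-1.apk\tnot-a-virus:AdWare.AndroidOS.Example.b",
    "/sdcard/Download/readme.txt\tclean",
]

if __name__ == "__main__":
    for behaviour, paths in triada_hits(SAMPLE_SCAN).items():
        print(behaviour, paths)
```

A hit under `/system` in such a report points to a component that a normal app uninstall will not remove.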