A new threat targeting Android devices has recently been detected. This new Trojan infection, called Triada, is just as complex as malicious programs aimed at Windows systems. In most cases, it slithers into a device through apps downloaded from unreliable sources. Android OS 4.4.4 and earlier versions are at the greatest risk of getting infected by this parasite. Let us take a closer look at how Triada works.
As already mentioned, the Trojan is distributed via unreliable websites. However, it is also possible to infect your device by downloading and installing an application from the Google Chrome web store, because some malware is capable of disguising itself as a legitimate game or app. Moreover, the threat may get installed during the update process, or it may even be pre-installed on a smartphone.
The infection was named Triada because it uses three Trojans that work in cooperation with one another: Ztorg, Gorpo, and Leech. These Trojans use root privileges. After gaining root on a device, the parasites can create an advertising botnet and install adware onto it. Worse than that, however, they can also create a backdoor and use it to activate modules that can download, install, and launch malign apps.
What makes this harmful threat different from the others is that it uses Zygote, the parent of all app processes on Android, the only purpose of which is to launch applications. By using Zygote, the Trojan becomes a part of the app process as soon as it enters the device. This means that it is already present in every app that is launched on the system. This is the first time that Zygote has been abused this way in reality; up until this point it was only a concept.
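Because every app process is forked from Zygote, code loaded into Zygote appears in the memory map of every app, while an app's own native library appears only in that app. The following added example (not from the original article) uses that property as a triage heuristic over `/proc/<pid>/maps` text; the trusted prefixes, package names, paths and sample maps are constructed assumptions.

```python
# Added example, not from the article. All paths and maps text are constructed.
TRUSTED_PREFIXES = ("/system/", "/vendor/")  # assumption: tune for the device build

# Mappings every forked app inherits from its parent (constructed sample).
COMMON = """\
40000000-40002000 r-xp 00000000 b3:19 1201 /system/bin/app_process
40100000-40148000 r-xp 00000000 b3:19 1432 /system/lib/libc.so
40148000-4014b000 rw-p 00048000 b3:19 1432 /system/lib/libc.so
5d000000-5d004000 r-xp 00000000 b3:1c 9002 /data/example/placeholder-module.so
be800000-be821000 rw-p 00000000 00:00 0 [stack]
"""
# Each app additionally maps its own native library (legitimate, app-specific).
SAMPLE = {
    "com.example.mail": COMMON
    + "5c000000-5c010000 r-xp 00000000 b3:1c 9001 /data/app-lib/com.example.mail-1/libmail.so\n",
    "com.example.game": COMMON
    + "5c000000-5c010000 r-xp 00000000 b3:1c 9003 /data/app-lib/com.example.game-1/libgame.so\n",
}

def parse_maps(text):
    """Yield (perms, path) for each file-backed line of /proc/<pid>/maps."""
    for line in text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) == 6 and fields[5].startswith("/"):
            yield fields[1], fields[5].strip()

def exec_paths_outside_trusted(text, trusted=TRUSTED_PREFIXES):
    """Return file paths mapped executable from outside the trusted prefixes."""
    found = set()
    for perms, path in parse_maps(text):
        if "x" not in perms:
            continue
        # The kernel appends " (deleted)" when the backing file was unlinked;
        # normalise it so the same file matches across processes.
        if path.endswith(" (deleted)"):
            path = path[: -len(" (deleted)")]
        if not path.startswith(trusted):
            found.add(path)
    return found

def inherited_untrusted(maps_by_process):
    """Paths flagged in every process, i.e. inherited from the common parent."""
    flagged = [exec_paths_outside_trusted(m) for m in maps_by_process.values()]
    return set.intersection(*flagged) if flagged else set()

if __name__ == "__main__":
    for path in sorted(inherited_untrusted(SAMPLE)):
        print("present in every app process:", path)
```

Per-app native libraries drop out of the intersection, so only mappings shared by all processes remain for review.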
Once inside, Triada functions silently. It gets implanted into almost every process and exists in short-term memory. The parasite is practically impossible to detect. It makes a profit for its creators by modifying the outgoing messages sent through various apps. If the user makes in-app purchases by sending an SMS, the cyber criminals alter the message so that the money goes to them instead of the developers of the entertainment app or the game.
The Triada Trojan mostly attacks devices located in Russia, Ukraine, and the countries of the Asia-Pacific Region. However, it is more than likely that it will not take long for it to spread to other countries as well. If a device gets infected by this parasite, there are two removal options to choose from. The first option is to “root” the device and eliminate the malware manually, while the second one is to jailbreak the Android operating system.
Triada should not be underestimated, because it is a complex threat that is capable of infecting the device with other malware and causing other issues. It may be detected under such names as Trojan-SMS.AndroidOS.Triada.a, Trojan-Downloader.AndroidOS.Triada.a, Backdoor.AndroidOS.Triada, Trojan-Banker.AndroidOS.Triada.a, and others.