The zip attachment contains an exe file: the malware itself. Stolen data is exfiltrated via SMTP.
At least 40 models of cheap Android smartphones are infected by the Triada Trojan, one of the most dangerous in circulation
A cheap smartphone is not always a bargain; sometimes it can turn out to be much more expensive than a costlier model. This is confirmed by the most recent discovery made by the cybersecurity researchers of Dr. Web. After analyzing a series of low-end Android phone models, they found the Triada Trojan inside at least 40 of them. This is the alarm raised by the Italian National CERT. Triada was discovered in March 2016 and is one of the most dangerous pieces of malware for Android mobile devices ever detected. Once launched on the victim's device, it obtains root privileges and installs a backdoor. After gaining control of the phone, the Trojan takes advantage of the operating system's Zygote process to inject its own code into all the applications in use, carrying out various malicious activities without the user knowing. These include downloading, installing and launching applications that make further cyber attacks possible.
Dr. Web: The malware is inserted into the mobile devices directly in the factories. The number of infected devices could actually be much larger
It is not the first time that the Triada Trojan has been discovered in cheap Android devices. The most recent variant discovered by Dr. Web, called “Android.Triada.231”, is not distributed by cybercriminals as a separate application. It is injected directly into the smartphone's libandroid_runtime.so system library. As a consequence, the malware becomes part of the firmware during production of the phone, and the devices are delivered to customers already infected. In other words, when they leave the factory they are ready to launch cyber attacks against the victim's device. The source, according to the cybersecurity researchers, is a single software development company from Shanghai, a partner of various Chinese smartphone producers. Moreover, the list of infected devices could be much longer, and Triada is not easily detected by antivirus software. It is therefore recommended to pay very close attention when choosing a device and to run an in-depth scan with an updated antivirus.