20 matches found
Triada strikes back
Introduction Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the...
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspers...
Triada Malware Infects Android Devices via Fake Telegram App
By Waqas Fortunately, the infected version of Telegram carrying Triada malware is being distributed through third-party stores rather than the official Google Play Store. This is a post from HackRead.com Read the original post: Triada Malware Infects Android Devices via Fake Telegram App...
IT threat evolution in Q3 2022. Mobile statistics
IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initi...
Modified WhatsApp App Caught Infecting Android Devices with Malware
An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are...
Malicious WhatsApp mod distributed through legitimate apps
Last year, we wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, we discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with a different modified build, YoWhatsApp version...
Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store
A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions o...
Custom WhatsApp Build Delivers Triada Malware
Triada malware, both pernicious and persistent, has resurfaced. Its most recent sighting is buried inside an advertising component of a modified version of the popular WhatsApp messenger called FM WhatsApp. The malware, first spotted by researchers at Kaspersky in 2016, is a type of mobile...
Modified Version of WhatsApp for Android Spotted Installing Triada Trojan
A modified version of the WhatsApp messaging app for Android has been trojanized to intercept text messages, serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified...
Triada Trojan in WhatsApp mod
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...
Malicious code in APKPure app
Recently, weve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself a quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a...
Pig in a poke: smartphone adware
Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get ri...
xHelper: The Russian Nesting Doll of Android Malware
The “undeletable” xHelper malware – which ultimately results in the installation of the Triada trojan – has become a virulent scourge for Android devices this year, according to researcher analysis – bringing with it a hallmark of being virtually indestructible for the common user. xHelper is kno...
Unkillable xHelper and a Trojan matryoshka
It was the middle of last year that we detected the start of mass attacks by the xHelper Trojan on Android smartphones, but even now the malware remains as active as ever. The main feature of xHelper is entrenchment — once it gets into the phone, it somehow remains there even after the user delet...
Tracing the Supply Chain Attack on Android
Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or...
Backdoor Built into Android Firmware
In 2017, some Android phones came with a backdoor pre-installed: Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in articles publishe...
Google confirms presence of Triada backdoor in cheap Android phones
By Uzair Amir Triada Banking Trojan came Preinstalled as Backdoor in Budget Android Smartphones- Google Confirms. It would probably be the first time ever in Google's history that the company has revealed details of the tenacity and success of malware dubbed as Triada. Triada malware was discover...
A week in security (March 05 – March 11)
Last week on Malwarebytes Labs, we paid homage to several women in tech, including some of our very own, on International Women's Day and shared their stories. We also looked into an adware posing as an Android app that claims to live stream the 2018 Winter Olympics, exposed scammers that go by t...
Mobile Triada and Horde Variants Bypass Android Security
Two mobile variants of Triada and Horde malware have been spotted in the wild by Check Point Software Technologies researchers who warn the latest samples have adopted dangerous new techniques including the ability to evade Google’s security on some OS versions. The Android Trojan called Triada,...