What is the Triada Android Malware?
It is a modular mobile device Trojan which specifically targets the Android platform. It is capable of penetrating the firmware itself that actively uses root access to alter system files. It exists mainly on the device’s RAM, which is why it is almost impossible to detect or remove.
Triada Android Malware has been known to exist on some models of Android phones during the manufacturing stage. Even if you have been careful about what you install and what you download on your personal device, if it already exists on your device it won’t be enough to protect your data.
Since mid-2017 Trianda Android malware has been steadily infecting various models of Android devices and stealing data by executing malicious activities without the users’ knowledge.
So far an estimated 40 million users (possibly more) have been infected by the malware, through a mix of downloaded Trojans and/or those which had the malware pre-installed on their devices.
Payload
After Triada Malware attaches itself to the device it will scan and analyze the device first and then send data to the server of the cybercriminals. It will very quickly infect and become a part of every app installed on your Android device.
Once it is able to be part of every app on your phone, it is possible for purchases on apps with in-app purchases to redirect payments to the malware author. Transaction data will be transferred via SMS instead of the money going to the app developer just in case the purchase go through successfully. In this case, it is either the user’s money stolen or the app developer to lose funds.
Trianda malware is initially known to steal money through the app, but since it is a modular type of malware, its payload can be updated to something much worse like reading all your keystrokes and literally stealing your credentials. Additionally, with its attachment to Zygote, it can possibly be made into a Remote Access Trojan similar to those already existing on Windows and Mac. In other words, almost anything that these group of malware authors wants it to be.
Once these cyber-criminals cannot get money directly from your card, then it is a huge possibility that the authors may shift to phishing activities to continuously monetize the malware.