Several low-cost Android device models were recently found to feature the Triada Trojan built into their firmware, Dr. Web security researchers say.
Designed as a financial threat, Triada was said last year to be the most advanced mobile malware because it could inject itself into the Zygote parent process, thus running code in the context of all applications. Earlier this year, it adopted sandbox technology (specifically, the open source sandbox DroidPlugin) to improve its detection evasion capabilities.
According to Dr. Web, the malware was recently found embedded in libandroid_runtime.so system library, thus being able to penetrate the processes of all running apps without requiring root privilages. The modified library, the security firm reveals, was found on several mobile devices, including Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
Leave a reply