SECURITY
Google LLC Friday admitted that some Android phones going back as far as 2016 were shipped with malware installed unknowingly by smartphone manufacturers.
The malware used is called “Triada,” a trojan virus that provides hackers with backdoor access to an infected device. The code is primarily found on smartphones manufactured in China.
Google first detected Triada three years ago and moved to protect against it using Play Protect, but the trojan evolved over time, becoming harder to detect. A version first detected in 2017 included a backdoor log function that downloaded and installed modules in a part of Android that many smartphone manufacturers did not initially notice.
Malware on smartphones is not new and this isn’t the first time malicious software has been installed on smartphones at the manufacturing level. What’s interesting here is how those behind the code managed to trick manufacturers into installing it.
Instead of hacking smartphone makers or breaking into plants, those behind the code pretended to be legitimate third-party suppliers of software, such as a face unlock program, that could be added to a standard Android Open Source Project installation, the free version of Android that doesn’t require licensing. Nor was this a case of a shady-looking man in a trenchcoat offering under-the-counter enhanced Android functionality: those behind the code presented themselves as legitimate companies.
“Based on analysis, we believe that a vendor using the name Yehuo or Blazefire infected the returned system image with Triada,” Lukasz Siewierski from the Android security and privacy team wrote in a blog post.
Which smartphone makers were targeted and which models were infected have not been officially disclosed. But a report from Bleeping Computer in March found Triada infections on phones made by Leagoo, Doogee, Vertex, Advan, Cherry Mobile and others.
“We coordinated with the affected OEMs to provide system updates and remove traces of Triada,” Siewierski added. “We also scan for Triada and similar threats on all Android devices. OEMs should ensure that all third-party code is reviewed and can be tracked to its source.”