

Google LLC admitted Friday that some Android phones, going back as far as 2016, were shipped with malware that smartphone manufacturers had unknowingly installed.
The malware is called “Triada,” a trojan that provides hackers with backdoor access to an infected device. The code is primarily found on smartphones manufactured in China.
Google first detected Triada three years ago and moved to protect against it using Play Protect, but the trojan evolved over time, becoming harder to detect. A version first detected in 2017 included a backdoor log function that downloaded and installed modules in a place within Android that many smartphone manufacturers did not notice at first.
Malware on smartphones is not new, and this isn’t the first time malicious software has been installed on smartphones at the manufacturing level. What’s interesting here is how those behind the code managed to trick manufacturers into installing it.
Instead of hacking smartphone makers or breaking into plants, those behind the code pretended to be legitimate third-party suppliers of software, such as a face unlock program, that could be added to a standard Android Open Source Project installation, the free version of Android that doesn’t require licensing. Nor was this a case of a shady-looking man in a trenchcoat offering under-the-counter enhanced Android functionality; those behind the code presented themselves as legitimate companies.
“Based on analysis, we believe that a vendor using the name Yehuo or Blazefire infected the returned system image with Triada,” Lukasz Siewierski from the Android security and privacy team wrote in a blog post.
Which smartphone makers were targeted and which models were infected have not been officially disclosed. But a report from Bleeping Computer in March found Triada infections on phones made by Leagoo, Doogee, Vertex, Advan, Cherry Mobile and others.
“We coordinated with the affected OEMs to provide system updates and remove traces of Triada,” Siewierski added. “We also scan for Triada and similar threats on all Android devices. OEMs should ensure that all third-party code is reviewed and can be tracked to its source.”