Hackers are selling counterfeit Android smartphones preloaded with the Triada Trojan malware that targets unsuspecting users, stealing cryptocurrencies, replacing phone numbers during calls, and hijacking messaging accounts. Kaspersky reports that over 2,600 users encountered this malware between March 13 and 27, 2025. Triada has been evolving since its emergence in 2016, gaining complexity and the ability to infiltrate the smartphone's system framework, making detection difficult. It can steal credentials from apps like Telegram, replace cryptocurrency wallet addresses, and hijack communication by sending messages without the user's knowledge. Experts suggest that the supply chain may be compromised, implicating stores unknowingly selling these malicious devices. The Trojan is capable of modifying system processes, hiding in device RAM, and blocking connections to interfere with security measures. This resurgence occurs alongside a rise in other mobile malware strains targeting crypto users. Kaspersky advises updating devices, using trusted antivirus software, and avoiding apps from unverified sources to combat these threats.

Source πŸ”—