In 2017, it was announced that the Triada malware had suddenly appeared on dozens of Chinese devices. Google investigated the case and placed the blame on suppliers of specific Android firmware.
In 2017, it was announced that various Chinese smartphones were infected with the Triada malware. In many cases it concerned devices that, because they were exported to Western markets, were relatively often supplied with a Play Store certificate. That is why Google also decided to investigate the event: how could malware get onto the devices on such a large scale? Two years later, Google released its research results: the infection took place at the supplier of specific firmware files. You don’t have to worry much in the Benelux, as the dozens of affected Chinese devices are scarcely sold here.
Triada malware on Android
In 2016, Kaspersky discovered the Triada malware for the first time. At the time, however, it was not yet known that smartphones were also being shipped already infected. In 2017, DrWeb reported that at least forty smartphones were infected with the malware. Doogee was the best-known brand on the list, but Doogee also hardly sells devices in the Benelux. Google reports that "custom firmware" was used for all the devices; the firmware was modified by Yehuo and Blazefire, among others. In this process, OEMs (the smartphone manufacturers) provide firmware to external parties so that they can add functions. Unfortunately, the Triada software was also added in that process.
Users of these smartphones, which were often infected from the moment the phones were delivered, could do little other than simply use the device. Even if you notice that the malware is installed, it cannot be removed because it is built into the firmware. In many cases, the Triada malware was used to install extra malicious applications. Normally the user has to give permission for this, but the malware used a detour to install applications. These apps were often given the names of (unpopular) apps in the Google Play Store; in practice, they were used to send advertisements to the smartphones.