
MALWARE ALERT: Triada virus ruining Android smartphones




According to security firm Kaspersky Lab, the malware consists of a collection of three families – Ztorg, Gorpo and Leech – dubbed “Triada”.
The malware is propagated when people download applications via untrusted sources and Kaspersky said the software grants itself super user rights, which allow cyber criminals to install any software on a phone without the owner’s consent or knowledge.
It affects smartphones running Android operating systems 4.4.4 or earlier.
According to the recent Kaspersky Lab research on Mobile Virusology, nearly half of the top 20 Trojans in 2015 were malicious programmes with the ability to gain super-user access rights. Super-user privileges give cybercriminals the rights to install applications on the phone without the user’s knowledge.
This type of malware propagates through applications that users download or install from untrusted sources. These apps can sometimes be found in the official Google Play app store, masquerading as a game or entertainment application. They can also be installed during an update of existing popular applications and are occasionally pre-installed on the mobile device. The devices at greatest risk are those running Android 4.4.4 and earlier.
There are 11 known mobile Trojan families that use root privileges. Three of them – Ztorg, Gorpo and Leech – act in cooperation with each other. Devices infected with these Trojans usually organise themselves into a network, creating a sort of advertising botnet that threat actors can use to install different kinds of adware.
According to Kaspersky, the Triada malware can be “compared to Windows-based malware in terms of its complexity”.
“It is stealthy, modular, persistent and written by professional cybercriminals. Triada operates silently, meaning that all malicious activities are hidden, both from the user and from other applications,” said Nikita Buchka, junior malware analyst at Kaspersky Lab.
“These apps can sometimes be found in the official Google Play app store, masquerading as a game or entertainment application. They can also be installed during an update of existing popular applications and are occasionally pre-installed on the mobile device,” said Buchka.
According to Kaspersky, there are eleven known mobile Trojan families that use root privileges. Three of them – Ztorg, Gorpo and Leech – act in cooperation with each other. Devices infected with these Trojans usually organise themselves into a network, creating a sort of advertising botnet that threat actors can use to install different kinds of adware.
“Once Triada is on a device, it penetrates almost all the running processes, and continues to exist in the memory only. In addition, all separately running Trojan processes are hidden from the user and other applications. As a result, it is extremely difficult for the user and antivirus solutions to detect and remove the Trojan,” said Buchka.
“Because it is so difficult to get rid of, the most effective means to clean these devices is to completely wipe and re-image the device.”