**Update: LEAGOO has responded that the virus alert on their phones was false.**
Kaspersky Lab is once again reporting dangerous malware, this time one that profiles your device and steals your information. The main concern in the Triada case is that the malware is already installed during the production stages of the device. It modifies the Android operating system itself, so it is almost impossible to tell apart from the legitimate system.
Most of the devices found with the pre-installed malware are Chinese devices such as Leagoo or Cherry Flar. Most users do not know they are in danger, and the malware is able to hand the device over to the attackers through their servers.
The malware initially collects basic device data, such as the model, operating system version and free memory card space, and sends it to the control center. This data is then processed by the C&C servers and turned into a tool that lets the attackers (black hats) build the right kit to fully control the device. The kit is then delivered and installed, and the user's device is under the control of the malware distributors.
One of the interesting features of Triada is that it can steal payments a user makes via SMS, and an SMS payment does not require Internet access. The malware is able to redirect the payment to the attackers' account through the message itself.
The most vulnerable devices are those running Android 4.2.2 and below, but even devices with the latest operating system version may be affected.