A new research finding published by Dr Web Research Institute has revealed that some Chinese smartphones are infected with malware called the Triada Trojan. According to the finding, the Trojan comes pre-loaded on the phones. This finding comes on the heels of the recent discovery by researchers at Google of the malware Lipizzan, which is capable of recording calls, capturing photos and monitoring other activity without root access permission.
The Triada Trojan is said to be among the most sophisticated strains of malware around because it can inject itself into the Android parent process called Zygote. Zygote is active throughout the phone’s uptime, and this allows the Trojan to get access to the context of any application that is running at the time. Earlier this year, the Trojan was discovered to have adopted sandbox technology, specifically the open source sandbox DroidPlugin, which enables it to evade detection much better.
The Chinese smartphones mentioned in the report include the LEAGOO M5 Plus, LEAGOO M8, Nomu S10 and Nomu S20. The research discovered that the core Android library “libandroid_runtime.so” on these models had been injected with the Triada Trojan malware. Interestingly, all the models mentioned are cheap smartphones, and some even cost less than $100. We can’t be certain how this happened, but it is likely connected with the ROM makers. It is suspected that the ROM makers, or someone else with access to the Android code used on these devices, could have added the malicious bits to the library before installing it on the devices. Nomu and LEAGOO have been notified of the anomaly, but it is unlikely that they will push OTA updates to already shipped models. The malware issue is likely to be corrected in the ROM that would be pre-loaded on upcoming models.