- Kaspersky researchers have discovered thousands of counterfeit Android smartphones sold with pre-installed Triada Malware designed to steal cryptocurrencies.
- The malware has helped attackers steal approximately $270,000 in various cryptocurrencies, with potentially more in untraceable Monero.
- The infection occurs before phones reach consumers, with 2,600 confirmed infections mostly in Russia during early 2025.
Kaspersky security researchers have discovered thousands of counterfeit Android smartphones containing pre-installed malware that targets cryptocurrency holdings. According to their April 1 statement, these devices are being sold at discounted prices online while harboring a sophisticated version of the Triada Trojan, which infiltrates every process and provides attackers "almost unlimited control" over the infected device.
Security expert Dmitry Kalinin from Kaspersky Labs explained that once the Triada Trojan gains access to a device, attackers can steal cryptocurrency by substituting wallet addresses. "The authors of the new version of Triada are actively monetizing their efforts; judging by the analysis of transactions, they were able to transfer about $270,000 in various cryptocurrencies to their crypto wallets," Kalinin said.
He noted that the actual amount could be higher since the attackers also targeted Monero, which is untraceable. Beyond cryptocurrency theft, the malware can steal user account information and intercept text messages, including those used for two-factor authentication.
Supply Chain Compromise
What makes this attack particularly concerning is that the malware infiltrates smartphone firmware before the device reaches consumers. Kalinin suggested that online sellers might be unaware of the embedded threat. "Probably, at one of the stages, the supply chain is compromised, so stores may not even suspect that they are selling smartphones with Triada," he explained.
To date, researchers have identified 2,600 confirmed infections across multiple countries, with most victims located in Russia during the first quarter of 2025. The Triada malware first appeared in 2016 and is known for targeting financial applications and messaging platforms like WhatsApp, Facebook, and Google Mail, according to Cybersecurity firm Darktrace.
Wider Crypto Malware Threat
Kaspersky Labs recommends purchasing devices only from legitimate distributors and installing security solutions immediately after purchase to avoid falling victim to this scam.
Other security firms have recently identified similar threats targeting cryptocurrency users. On March 28, Threat Fabric reported discovering new malware that creates fake overlays to trick Android users into revealing their crypto seed phrases. Similarly, Microsoft announced on March 18 that they had found a new remote access trojan targeting cryptocurrencies stored in 20 different wallet extensions for Google Chrome.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- OnlyFans Founder Teams with HBAR for Last-Minute TikTok Takeover Bid
- Kraken Secures Canadian Dealer Registration, Expands North America
- Cuomo hired by OKX to advise on federal probe leading to $505M fine
- OpenAI Reinstates Notorious Jailbreaker After Brief Ban Over Policy
- Bitcoin Volatility Hits 11-Month High as Price Swings Between $77K-$94K
