Around 40 phones are affected
Google acknowledged that several budget phones were affected by malware called Triada. First spotted in 2016, Triada's main role is to install spam apps that display ads on devices, which it did by gaining root access. Google tried to resolve this in 2017 by strengthening its Play Protect permissions, after which Triada evolved into a pre-installed Android framework backdoor, meaning the malware can be installed during the supply chain process.
Triada is dangerous as it can steal sensitive data from banking apps and intercept chat messages from social media apps.
Dr. Web reports that around 40 Android devices were affected by Triada. The affected phones include:
- Leagoo M5
- Leagoo M5 Plus
- Leagoo M5 Edge
- Leagoo M8
- Leagoo M8 Pro
- Leagoo Z5C
- Leagoo T1 Plus
- Leagoo Z3C
- Leagoo Z1C
- Leagoo M9
- ARK Benefit M8
- Zopo Speed 7 Plus
- UHANS A101
- Doogee X5 Max
- Doogee X5 Max Pro
- Doogee Shoot 1
- Doogee Shoot 2
- Tecno W2
- Homtom HT16
- Umi London
- Kiano Elegance 5.1
- iLife Fivo Lite
- Mito A39
- Vertex Impress InTouch 4G
- Vertex Impress Genius
- myPhone Hammer Energy
- Advan S5E NXT
- Advan S4Z
- Advan i5E
- STF AERIAL PLUS
- STF JOY PRO
- Tesla SP6.2
- Cubot Rainbow
- EXTREME 7
- Haier T51
- Cherry Mobile Flare S5
- Cherry Mobile Flare J2S
- Cherry Mobile Flare P1
- NOA H6
- Pelitt T1 PLUS
- Prestigio Grace M5 LTE
- BQ-5510 Strike Power Max 4G (Russia)
As of this writing, Cubot, Leagoo, and Cherry Mobile have confirmed that the malware has been removed from the affected devices since last year, and Google has been working with OEMs to make sure OTAs and system images are free from malware before they are installed on devices.
“By working with the OEMs and supplying them with instructions for removing the threat from devices, we reduced the spread of preinstalled Triada variants and removed infections from the devices through the OTA updates,” Android Security & Privacy Team’s Lukasz Siewierski said.