Cybersecurity company Kaspersky says it has discovered thousands of counterfeit Android smartphones for sale online that come with pre-installed malware designed to steal crypto and other sensitive data.
The Android devices are sold at low prices, Kaspersky Labs said in a statement on April 1, but they come infected with a version of the Triada Trojan that infects every process and gives attackers “nearly unlimited control” over the device.
Dmitry Kalinin, cybersecurity expert at Kaspersky Labs, said that once the Trojan gives attackers access to a device, they can steal crypto by swapping wallet addresses.
“The authors of the newer version of Triada are actively monetizing their efforts. Judging by the analysis of the transactions, they were able to transfer around $270,000 to the crypto wallet in various cryptocurrencies,” he said.
“But in reality, this amount may be large. Attackers are targeting Monero, which is an untrackable cryptocurrency.”
The Trojan can also steal user account information and intercept incoming and outgoing text messages, including two-factor authentication messages.
According to Kalinin, the Trojan gets into the smartphone firmware before the phone even reaches the user, and some online sellers may not be aware of the time bomb inside the device.
“Perhaps one of the phases is that stores may not even suspect that they are selling smartphones with Triada because supply chains are being breached,” he said.
So far, Kaspersky researchers say they have found 2,600 confirmed infections from the scam in various countries. Most of the Russian users encountered it in the first three months of 2025.
Android devices are being sold at low prices but come loaded with malware. Source: Hovatek
According to cybersecurity company Darktrace, Triada malware first emerged in 2016 and is known for targeting financial and messaging apps such as WhatsApp, Facebook and Google Mail. It is usually delivered through malicious downloads and phishing campaigns.
“The Triada Trojan has been known for a long time, but it is still one of the most complicated and dangerous threats for Android,” Kalinin said.
According to Kaspersky Labs, the best way to avoid falling victim to this scam is to buy devices from a legitimate distributor and install a security solution immediately after purchase.
Other companies are also raising the alarm about new forms of malware targeting crypto users.
Cybersecurity company ThreatFabric said in a report on March 28 that it had found a new malware family that uses fake overlays to trick Android users into providing their crypto seed phrases while it takes over the device.
On March 18, tech giant Microsoft said it had found a new remote access trojan (RAT) that targets crypto held in 20 wallet extensions for the Google Chrome browser.