Earlier this year, Forbes reported how a banking Trojan virus named Triada was found on a lot of brand new budget Android smartphones. Google confirmed that someone managed to compromise Android smartphones with the installation of a backdoor, a part of a larger supply chain attack.

To understand what happened, we’re going back to 2016, when Kaspersky Lab researchers first uncovered what they called one of the most advanced mobile Trojans their malware analysts had ever seen. They named that Trojan “Triada” and explained how it existed mainly in the smartphone’s random access memory (RAM), using root privileges to replace system files with malicious ones.

Triada used a call in the Android framework log function. The infected devices had a backdoor installed, meaning that every time an app, literally ANY app, attempted to log something, the function was called and that backdoor code executed. The Triada Trojan could now execute code in pretty much any app context courtesy of this backdoor, a backdoor that came factory-fitted.

Production process with a third party used by affected manufacturers.

Google remained absolutely quiet concerning Triada until early this week, when Lukasz Siewierski from the Android security and privacy team posted a detailed analysis of the Trojan on their security blog. This definitely confirmed that a backdoor indeed existed in brand new Android smartphones.

It is unlikely that you will have been impacted by this backdoor, given that the devices concerned were value brands primarily sold in China. However, if you are concerned that you may have imported such a smartphone, Google is confident that it has dealt with the threat.