There are many claims that dangerous backdoor software is present on Android devices. It turns out that Android phones have been infected with malware before smartphone manufacturers shipped them to customers. A backdoor here means an entry point, created knowingly or unknowingly, that lies outside the normal entry and exit points of a system. It is a point through which the system or software can be accessed, and it is also described as an open point through which data can leave the system. (1)
Google has published a very detailed study on this subject. It announced that hackers had placed Triada on some Android devices. Stating that the pre-installed software had been hijacked by hackers, Google said that Triada caused problems on some Android devices. It explained that spam applications were installed and that these applications made the device display advertisements. Through these spam applications, the creators of Triada earned huge income from advertisements.
The Story Behind the Triada Incident

According to Techworm, Triada can corrupt device system images through a third party during the production of devices running the Android operating system. Some hardware manufacturers may want to add features for their customers that are not part of the Android Open Source Project. In that case, a third party may develop the desired feature, and the collaboration can involve forwarding the entire system image to that third-party developer. However, this process can have serious consequences in terms of security.
The “Triada” group of Trojans was discovered by security researchers working at Kaspersky laboratories. A detailed blog post on the subject was published on Kaspersky’s website in March 2016. Later, in June 2016, Kaspersky published another blog post as a continuation of the subject.
Triada Trojan and Android Devices

The Triada Trojan performs hardware attacks on the target after gaining high privileges. In 2016, Google started offering a service to Android users through “Play Protect” to eliminate this threat.
According to Kaspersky, Trojans are generally defined as a type of malware disguised as legitimate software. This malware can be used by cyber thieves and hackers trying to access users’ systems. Users are often tricked by some form of social engineering into installing and running Trojans on their systems (2).
Removal of Triada
According to Techworm, after Google removed Triada via Play Protect, the malicious actors behind this malware took an unconventional approach and released a smarter version of the Trojan in the summer of 2017. This version was discovered in July 2017 by the antimalware manufacturer Dr. Web, which published a blog post about it.
Instead of relying on root access, “Triada” now serves as a backdoor in the pre-installed Android framework. This change works through extra code that is called by a log function. Whenever any application writes a log entry, this extra code is run, so it ends up running continuously. The Triada Trojan cannot be deleted by standard methods; installing a clean Android firmware is the safest solution.
Build Test Suite
Users need to take precautions after the announcement of dangerous backdoor software on Android devices. In this context, learn how Triada works and take the security precautions needed to protect your devices. Google offers original equipment manufacturers an automated system called “Build Test Suite” that scans for malware. It asks manufacturers to conduct detailed security reviews of devices on their networks and to detect suspicious activity. Google will also regularly evaluate devices on the market to prevent supply chain attacks.
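The third-party handoff described above can also be checked by the manufacturer itself. The following is an added example, not Google's Build Test Suite and not code from any source cited here: it compares a hash manifest of the system image sent to a vendor with the one that comes back, and reports every change outside the directories the vendor was contracted to touch. The file names, contents and the `VendorFeature` directory are constructed assumptions.

```python
import hashlib
from pathlib import PurePosixPath

def manifest(files):
    """Map each path in an unpacked image ({path: bytes}) to its SHA-256."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def in_scope(path, prefix):
    """True if path is the prefix directory or lies beneath it (component-wise)."""
    p = PurePosixPath(path)
    if p.is_absolute() or ".." in p.parts:
        return False  # never treat absolute or traversal-style paths as in scope
    return PurePosixPath(prefix) in (p, *p.parents)

def audit_returned_image(sent, returned, allowed_prefixes):
    """List (change, path) for every difference outside the agreed directories."""
    findings = []
    for path in sorted(set(sent) | set(returned)):
        if path not in sent:
            change = "added"
        elif path not in returned:
            change = "removed"
        elif sent[path] != returned[path]:
            change = "modified"
        else:
            continue
        if not any(in_scope(path, prefix) for prefix in allowed_prefixes):
            findings.append((change, path))
    return findings

# Constructed sample data: file names and contents are illustrative only.
BASE = {
    "system/build.prop": b"ro.build.type=user\n",
    "system/framework/framework.jar": b"framework-v1",
    "system/lib/liblog.so": b"liblog-v1",
}
SENT = manifest(BASE)
RETURNED = manifest({
    **BASE,
    "system/lib/liblog.so": b"liblog-v1+extra-code",          # changed outside scope
    "system/app/VendorFeature/VendorFeature.apk": b"feature",  # the agreed work
    "system/app/VendorFeatureHelper/helper.apk": b"helper",    # look-alike directory
})
ALLOWED = ["system/app/VendorFeature"]  # hypothetical contracted directory

if __name__ == "__main__":
    for change, path in audit_returned_image(SENT, RETURNED, ALLOWED):
        print(f"REVIEW {change:9} {path}")
```

Matching on path components rather than string prefixes is what keeps the look-alike `VendorFeatureHelper` directory from passing as part of the agreed work.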
Resources:
- Techworm, “Google Confirms Some Android Devices Came Preinstalled With Backdoor”, https://www.techworm.net/2019/06/google-android-backdoor.html
- Lostar, “Backdoor”, https://lostar.com.tr/2016/09/backdoor-arka-kapi.html
- Kaspersky, “Truva Atı Virüsü Nedir?”, https://www.kaspersky.com.tr/resource-center/threats/trojans