Hackers are selling counterfeit phones with crypto-stealing malware
By avagrace // 2025-04-10
  • Kaspersky Labs discovered thousands of counterfeit Android smartphones preloaded with a dangerous variant of the Triada trojan sold at reduced prices, granting attackers extensive control over the devices.
  • Over 2,600 confirmed infections were found, primarily in Russia, highlighting the global reach and sophistication of this cyber threat, which can steal cryptocurrency and hijack user communications.
  • The Triada trojan is deeply embedded in the firmware, making it nearly impossible to detect or remove. It can steal user account information, intercept texts and replace wallet addresses, with attackers reportedly transferring about $270,000 in cryptocurrencies.
  • The Triada trojan, first identified in 2016, has evolved into one of the most complex and dangerous Android threats, typically targeting financial and messaging apps. This new variant marks a significant shift by being pre-installed on counterfeit devices.
  • Kaspersky Labs recommends purchasing devices only from legitimate distributors, installing security solutions immediately, keeping devices updated and avoiding unknown app downloads to mitigate the risk of falling victim to this and similar threats.
Cybersecurity firm Kaspersky Labs has uncovered thousands of counterfeit Android smartphones sold online that are preloaded with a dangerous variant of the Triada trojan. These devices, sold at reduced prices, grant attackers almost unlimited control over the smartphones, enabling them to steal cryptocurrency, replace wallet addresses and hijack user communications. The majority of the 2,600 confirmed infections were found in Russia, highlighting the global reach of this sophisticated cyber threat.

Kaspersky Labs cybersecurity expert Dmitry Kalinin said the trojan is deeply embedded in the firmware of these counterfeit devices, which makes Triada nearly impossible to detect or remove on these smartphones. "The authors of the new version of Triada are actively monetizing their efforts," Kalinin remarked. "Judging by the analysis of transactions, they were able to transfer about $270,000 in various cryptocurrencies to their crypto wallets."

However, the true extent of the financial damage may be even greater. The attackers also targeted Monero, a cryptocurrency known for its untraceable nature. (Related: StilachiRAT: Microsoft sounds alarm on stealthy malware targeting crypto wallets and credentials.)

The trojan's capabilities are extensive, including the ability to steal user account information and intercept incoming and outgoing texts, even those containing two-factor authentication codes. "Probably, at one of the stages, the supply chain is compromised, so stores may not even suspect that they are selling smartphones with Triada," Kalinin added.

First surfacing in 2016, the Triada trojan has since evolved into one of the most complex and dangerous Android threats. It is known for targeting financial applications and messaging apps like WhatsApp, Facebook and Gmail. Typically, it is delivered through malicious downloads and phishing campaigns, but this latest iteration marks a significant shift in its deployment method.

"The Triada trojan has been known for a long time, and it still remains one of the most complex and dangerous threats to Android," Kalinin said.

Cybersecurity firms sound alarm about malware targeting crypto users

Cybersecurity firms across the globe have been sounding the alarm about new forms of malware targeting cryptocurrency users. Netherlands-based cybersecurity firm Threat Fabric reported on March 28 that it had identified a new family of malware capable of launching fake overlays to trick Android users into providing their crypto seed phrases. This malware can take complete control of the device, further exacerbating the threat to users' financial security.

On March 18, tech giant Microsoft announced the discovery of a new remote access trojan (RAT) that targets cryptocurrency held in 20 wallet extensions for the Google Chrome browser. This multi-faceted approach by cybercriminals underscores the evolving nature of the threat landscape and the need for constant vigilance.

Kaspersky Labs recommends that users only purchase devices from legitimate distributors and install security solutions immediately after purchase. "The best way to avoid falling victim to this scam is to be cautious about where you buy your devices," Kalinin advised. "If a deal seems too good to be true, it probably is."

Users are also advised to keep their devices updated, install trusted antivirus software and avoid downloading apps from unknown sources. These precautions are crucial in an era where the line between physical and digital threats is increasingly blurred.

Sources include: CoinTelegraph.com, FXStreet.com, Aicoin.com, Brighteon.com