https://arstechnica.com/information-technology/2019/06/google-confirms-2017-supply-chain-attack-that-sneaked-backdoor-on-android-devices/
By Dan Goodin
Ars Technica
6/6/2019
Criminals in 2017 managed to get an advanced backdoor preinstalled on Android
devices before they left the factories of manufacturers, Google researchers
confirmed on Thursday.
Triada first came to light in 2016 in two articles published by Kaspersky, the
first of which said the malware was "one of the most advanced mobile
Trojans" the security firm's analysts had ever encountered. Once installed,
Triada's chief purpose was to install apps that could be used to send spam and
display ads. It employed an impressive kit of tools, including rooting exploits
that bypassed security protections built into Android and the means to modify
the Android OS' all-powerful Zygote process. That meant the malware could
directly tamper with every installed app. Triada also connected to no fewer
than 17 command and control servers.
In July 2017, security firm Dr. Web reported that its researchers had found
Triada built into the firmware of several Android devices, including the Leagoo
M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. The attackers used the backdoor to
surreptitiously download and install modules. Because the backdoor was embedded
into one of the OS libraries and located in the system section, it couldn't be
deleted using standard methods, the report said.
[...]