Triada Malware that was pre-installed in 2017 on dozens of Chinese Android smartphones, was subsequently delivered via a supplier. Google has determined that after investigation. This concerns models that were not sold in the Benelux.

Google says that Yehuo or Blazefire has put the malware in the firmware of the devices. It is unknown which functions these suppliers made for Android. According to Google, the manufacturer delivers the firmware to the supplier and delivers the firmware back with the requested function built-in. However, one of those companies has built in the Triada Malware. Because it was built in, users could not remove it either.

Kaspersky discovered Triada in 2016 and DrWeb discovered in 2017 that it was in the firmware of Android devices. This involved forty different models , but none is widely known in the Benelux. The best-known brand is Doogee, whose X5 telephones and Shoot models are on the list.

The malware got the rogue apps it wanted to install from a command & control server, with names of files similar to those of unpopular apps from the Play Store. A trick allowed it to install apps without asking the user to allow installing apps from unknown sources.

The purpose of the advanced malware was to send spam and display advertisements, presumably to generate money for the developers. With the report, Google confirms the previous findings of DrWeb from last year and 2017. Google has increased the protection of Play Protect to prevent such infections in the future. In addition, the search giant has collaborated with the maker of the smartphones to get the malware off the phones.

Google Triada chart