[German]A small addendum on the subject of Android security. Some time ago, cheap Android smartphones were once again found with the Triada malware pre-installed. The Remote Access Trojan (RAT) extracts personal data. The campaign mainly affected Russian victims, as Kasperski announced. In addition, a stalker ware app was found that requires a password for uninstallation.
Advertising
Trida malware on Android phones
The fact that Android devices can be infected with malware in the supply chain has already been reported several times. These were mostly cheap Android smartphones from no-name providers. Now, at the beginning of April 2025, I came across new reports of such an incident. The Hacker News took up the topic here, Bleeping Computer reported here.
This has been made public by experts from Kaspersky (Russian report). They report that they have come across a new version of the Triada Trojan that has been pre-installed on thousands of new Android devices. The malware becomes active after the smartphone is set up and allows threat actors to steal data.
It is said that this campaign, with at least 2,600 confirmed infections between March 13 and 27, 2025, mainly affects Russian users. The knowledge was probably gained through Kaspersky tools for mobile device security.
The infected smartphone models were probably offered at discounted prices in online stores. According to the above tweet, the authors of the campaign have already made a haul by withdrawing 270,000 US dollars in crypto money from victims.
Google points out that the Android devices infected by Triada are not Play Protect certified and that users are protected against Crocodilus and TsarBot by Google Play Protect. The Hacker News quotes a Google spokesperson as saying, "The infected devices are Android Open Source Project devices, not Android OS or Play Protect certified Android devices," the spokesperson said. "If a device is not Play Protect certified, Google has no record of the results of security and compatibility testing. Play Protect-certified Android devices undergo extensive testing to ensure quality and user safety."
Advertising
Android stalker-ware app wants uninstall password
Another issue is an Android app that has been found that falls under the category of stalker-ware. It wants a password for uninstallation, as the following tweet on X reveals.
Techcrunch published the facts in the article This sneaky Android spyware needs a password to uninstall. Here's how to remove it without one. Here's how to remove it without one. The editors of TechCrunch have come across an app for monitoring Android smartphones that requires a password to uninstall.
The spyware app, whose name Techcrunch does not mention, prevents affected owners of Android devices from removing the app. The password for uninstalling this spyware is set by the person who installed it.
TechCrunch has found in tests that restarting an affected Android device into "safe mode" prevents third-party apps from loading. This would allow those affected to uninstall the spyware app without the password prompt appearing.
Advertising
