42 Android Phones That Bring Banking Trojan Out of the Box


Russia-based antivirus vendor has revealed that over 42 models of Android smartphones are sold carrying a banking trojan. Tirada Android banking trojan that was discovered a couple of years back can root devices and make it impossible for users to get rid of it without reinstalling the operating system.

These Trojans infect the process of an important Android system component, Zygote. This process is used to launch all applications. Once the Trojans inject into this module, they penetrate other running applications. In doing so, they obtain the ability to carry out various malicious activities without a user’s intervention: they covertly download and launch software. The key feature of Android.Triada.231 is that cybercriminals inject this Trojan into the libandroid_runtime.so system library. They do not distribute the Trojan as a separate program. As a result, the malicious application penetrates the device firmware during manufacture. Users receive their devices already infected from the box.

The AV firm said that the malware is present in the devices which are sold not only in Russia but globally. "For instance, in Poland, Indonesia, China, the Czech Republic, Mexico, Kazakhstan, [and] Serbia," Dr.Web said. The company's report adds that this Android banking trojan usually affects low-cost phones, including Leagoo, Doogee, Vertex, Cherry Mobile, and others.

Fake COVID-19 Tracking App Found to Infect Android Phones With Ransomware

Unfortunately, the report won't surprise anyone in the industry. Several reports have previously suggested how some Android manufacturers ship their brand new phones with malware, adware and trojans. It appears these reports aren't affecting the manufacturers since they continue to use the same tactics, suggesting that their userbase usually stays unaware of these reports.

In several cases, it wasn't the manufacturer, however, that was to blame - at least not entirely. Third party software developers continue to inject malware alongside the applications that come with the newly shipped phones. "This [software development] company provided Leagoo with one of its applications to be included into an image of the mobile operating system, as well as with an instruction to add third-party code into the system libraries before their compilation," the AV firm said.

"Unfortunately, this controversial request did not evoke any suspicions from the manufacturer. Ultimately, Android.Triada.231 got to the smartphones without any obstacles."

However, at the end of the day it is the responsibility of the manufacturer to test and ship these devices without any modules that spy on users, steal their banking credentials or send all of their data to unknown criminals.

Here's the latest list of devices that were shipped with Android.Triada.231:

Leagoo M5
Leagoo M5 Plus
Leagoo M5 Edge
Leagoo M8
Leagoo M8 Pro
Leagoo Z5C
Leagoo T1 Plus
Leagoo Z3C
Leagoo Z1C
Leagoo M9
ARK Benefit M8
Zopo Speed 7 Plus
Doogee X5 Max
Doogee X5 Max Pro
Doogee Shoot 1
Doogee Shoot 2
Tecno W2
Homtom HT16
Umi London
Kiano Elegance 5.1
iLife Fivo Lite
Mito A39
Vertex Impress InTouch 4G
Vertex Impress Genius
myPhone Hammer Energy
Advan S5E NXT
Advan S4Z
Advan i5E
Tesla SP6.2
Cubot Rainbow
Haier T51
Cherry Mobile Flare S5
Cherry Mobile Flare J2S
Cherry Mobile Flare P1
Pelitt T1 PLUS
Prestigio Grace M5 LTE
BQ 5510