Hackers are selling counterfeit phones with cryptocurrency-stealing malware.

1 day ago

Source: Cointelegraph

Cybersecurity company Kaspersky has reported the discovery of thousands of counterfeit Android smartphones that are sold online and pre-installed with malware designed to steal cryptocurrency and other sensitive data.

Kaspersky Lab said in a statement on April 1 that these Android devices are sold at discounted prices but are embedded with a version of the Triada Trojan, which infects every process and provides attackers with "almost unlimited control" over the device.

Dmitry Kalinin, a cybersecurity expert at Kaspersky Lab, stated that once the Trojan grants attackers access to the device, they can steal cryptocurrency by replacing wallet addresses.

"The authors of the new version of Triada are actively realizing their profits; through analysis of transactions, they have transferred approximately $270,000 worth of cryptocurrency into their crypto wallets," he said. "However, in reality, this amount could be larger; the attackers are also targeting Monero, an untraceable cryptocurrency."

Other features of the Trojan include stealing user account information and intercepting incoming and outgoing text messages, including two-factor authentication messages.

According to Kalinin, the Trojan is planted in the smartphone's firmware before the phone reaches the user, and some online sellers may not even be aware of the time bomb within the devices.

"It may have been compromised at some stage in the supply chain, so the stores may not even suspect they are selling smartphones with Triada," he said.

Kaspersky researchers report that they have so far identified 2,600 infections from this scam across different countries, with most users encountering it in the first three months of 2025.

These Android devices are sold at discounted prices but are filled with malware. Source: Hovatek

According to cybersecurity company Darktrace, the Triada malware first appeared in 2016 and is known for its attacks on financial applications and messaging apps such as WhatsApp, Facebook, and Google Mail. It typically spreads through malicious downloads and phishing activities.

Kalinin from Kaspersky Lab stated, "The Triada Trojan has been known for a long time and remains one of the most complex and dangerous threats in the Android system."

Kaspersky Lab advises that the best way to avoid becoming a victim of this scam is to purchase devices only from legitimate distributors and to install security solutions immediately after purchase.

Other companies are also warning about new forms of malware, particularly threats targeting cryptocurrency users.

Cybersecurity company ThreatFabric reported on March 28 that it has discovered a new family of malware that can launch fake overlay interfaces to trick Android users into providing their cryptocurrency seed phrases and that can take over their devices.

On March 18, tech giant Microsoft announced that it had discovered a new remote access Trojan specifically targeting cryptocurrency stored in 20 wallet extensions in the Google Chrome browser.
