The Triada malware infiltrates Android devices through a counterfeit Telegram app.
Thankfully, the version of Telegram infected with the Triada malware is disseminated exclusively through third-party stores, rather than the official Google Play Store.
Considering the immense global popularity of Telegram as one of the most widely utilized messaging applications, it is not surprising that scammers and cybercriminals aim to exploit it for their malicious endeavors. If you have inadvertently installed this counterfeit app, your device could have become infected with malware.
The malware in the counterfeit Telegram app escalates its privileges on the system in order to execute. This escalation becomes possible when the user grants the app phone permissions during the registration process.
Once granted access, the malware seamlessly integrates itself into various processes, enabling it to carry out a wide array of malicious activities.
When users launch the downloaded app for the first time, they are greeted with a login window that impeccably mimics the home page of the genuine app. To proceed with the registration process, users are then prompted to enter their phone number and provide permissions to access device features.
Operating in the background without the user's knowledge, the malware then begins its malicious operations, which include collecting device information, retrieving configuration files, and establishing covert communication channels.
Devices affected by Triada malware span a range of models from various manufacturers, including Leagoo, ARK Benefit, Zopo Speed, Doogee, Cherry Mobile Flare, and many more.
This broad spectrum of impacted devices underscores the critical importance of remaining vigilant and implementing robust security measures, as Triada’s influence has expanded across a wide array of devices available in the market.