Cybersecurity firm Kaspersky says it has uncovered thousands of counterfeit Android smartphones sold online with preinstalled malware designed to steal crypto and other sensitive data. The Android devices are sold at reduced prices, cybersecurity firm Kaspersky Labs said in an April 1 statement, but are riddled with a version of the Triada Trojan that infects every process and gives the attackers “almost unlimited control” over the device. Dmitry Kalinin, a cybersecurity expert at Kaspersky Labs, said that once the trojan grants the attackers access to devices, they can steal crypto by replacing wallet addresses. “The authors of the new version of Triada are actively monetizing their efforts; judging by the analysis of transactions, they were able to transfer about $270,000 in various cryptocurrencies to their crypto wallets,” he said. “However, in reality, this amount may be larger; the attackers also targeted Monero, a cryptocurrency that is untraceable.”Among the trojan’s other capabilities are stealing user account information and intercepting incoming and outgoing texts, including two-factor authentication. The trojan penetrates smartphone firmware even before the phone reaches users, and some online sellers might not even be aware of the ticking time bomb in the device, according to Kalinin.“Probably, at one of the stages, the supply chain is compromised, so stores may not even suspect that they are selling smartphones with Triada,” he said. At this stage, Kaspersky researchers say they have found 2,600 confirmed infections through this scam in different countries, with the majority of users in Russia encountering it in the first three months of 2025. The Android devices are sold at reduced prices but are riddled with malware.
It is generally delivered through malicious downloads and phishing campaigns. “The Triada Trojan has been known for a long time, and it still remains one of the most complex and dangerous threats to Android,” Kalinin said. The best way to avoid falling victim to this scam is to only purchase devices from legitimate distributors and install security solutions immediately after purchase, according to Kaspersky Labs. Other firms have also been raising the alarm over new forms of malware targeting crypto users. Related: Crypto exploit, scam losses drop to $28.8M in March after February spikeCybersecurity firm Threat Fabric said in a March 28 report it found a new family of malware that can launch a fake overlay to trick Android users into providing their crypto seed phrases as it takes over the device.
Source: HovatekThe Triada malware first surfaced in 2016 and is known for targeting financial applications and messaging apps like WhatsApp, Facebook and Google Mail, according to cybersecurity firm Darktrace.
or
Share This Story
Article Details
Author / Journalist: Cointelegraph by Stephen Katte
The story "Hackers are selling counterfeit phones with crypto-stealing malware" has 501 words across 15 sentences, which will take approximately 3 - 5 minutes for the average person to read.
Which news outlet covered this story?
The story "Hackers are selling counterfeit phones with crypto-stealing malware" was covered 1 days ago by Coin Telegraph, a news publisher based in United States.
How trustworthy is 'Coin Telegraph' news outlet?
Coin Telegraph is a fully independent (privately-owned) news outlet established in 2013 that covers mostly crypto news.
The outlet is headquartered in United States and publishes an average of 24 news stories per day.
It's most recent story was published 7 hours ago.
What do people currently think of this news story?
The sentiment for this story is currently Negative, indicating that people regard this as "bad news".
How do I report this news for inaccuracy?
You can report an inaccurate news publication to us via our contact page. Please also include the news #ID number and the URL to this story.
