Crypto Hackers Selling Malware-Laced Counterfeit Phones

  • Hackers are selling counterfeit phones laced with crypto-stealing malware
  • The threat actors target Android users
  • The malware can replace phone numbers during calls and operate a victim’s social media accounts

Malicious actors continue to invent new ways to nab victims and are now selling cheap counterfeit phones laced with crypto-stealing malware. According to a report by cybersecurity firm Kaspersky, the hackers are using the trick to target Android users, and the malware can edit phone numbers during calls and operate a victim’s social media accounts. Kaspersky noted that threat actors are also working to compromise supply chains to get the counterfeits into reputable phone stores, making the phones appear genuine and consequently increasing the number of victims.

Malware Discovered Nine Years Ago

The cybersecurity firm identified the malware as Triada, noting that it was discovered in 2016. According to Kaspersky, hackers embed Triada deep into a phone’s architecture, enabling it to control the phone without detection.

Kaspersky revealed that the malware steals “user accounts in instant messengers and social networks, in particular Telegram and TikTok.” It added that Triada can send messages on these platforms “on behalf of the victim” and later delete them “to erase traces.”

The malware steals crypto by replacing wallet addresses with the ones controlled by the threat actors. It can also download and install software to further the hackers’ agenda.

Triada is also able to “block network connections […] to interfere with the operation of anti-fraud systems.” The cybersecurity firm revealed that malicious actors have already nabbed more than 2,500 victims in the two weeks ending March 27.

Users Advised to Install Security Solutions

Kaspersky recommends that crypto users purchase smartphones from authorized shops and install security solutions “immediately after purchase.” The counterfeit-phone tactic adds to others that hackers are using to steal crypto.

According to a recent report from Google’s Threat Intelligence Group, for example, hackers are posing as IT workers and infiltrating crypto projects as employees. Threat actors are also using fake web3 firms to lure unsuspecting job seekers and social engineering schemes to infiltrate crypto and blockchain projects.

With hackers turning to counterfeit phones, it’s likely they’ll also focus on stealing funds from mobile banking apps.
