Malware

A hacker tricked Google to install a backdoor on Android phones around the world; how did he do it?

According to IT security audit service specialists, Google recently acknowledged that a group of cybercriminals discovered a backdoor preinstalled on Android devices during the year 2017.

The backdoor, known as Triada, was reported for the first time by researchers from the Kaspersky firm; in their first report, experts mentioned that this was one of the most advanced mobile device Trojans that existed back then.

After its installation, Triada sought to install malicious applications for sending spam and advertisements. According to IT security audit service specialists, Triada has a wide range of resources, mainly to conduct rooting attacks, evade pre-installed protections on Android devices, and get access to the installed apps.

A couple of years ago, the security firm Dr. Web also published a report that made mention of this backdoor, claiming that Triada was incorporated in the firmware of multiple Android devices; attackers would have used the backdoor to install some modules inadvertently.

Since the backdoor was built into one of the operating system libraries, it was not possible to eliminate it using conventional techniques, explained the IT security audit service specialists.

Google confirmed the existence of the backdoor, although it did not explicitly mention the affected manufacturers. “Triada infects the images of the compromised system through a third party in the production process of the devices. On occasions, Original Equipment Manufacturers (OEM) include functions that are not part of the Apple Open Source project (AOSP), such as biometric unlocking. OEMs associate with third parties to develop these new features by sending the complete system image to these third parties for the development of the additional functions”, mentions the Google statement.

The most recent version of the backdoor was included “discreetly” in the system image as part of code developed by third parties to implement additional functions at the OEM’s request. According to specialists from the International Institute of Cyber Security (IICS), Google has been working with Android OS device manufacturers to ensure that this malicious function has been completely eliminated from the devices’ firmware.
