Hackers are selling counterfeit phones with crypto-stealing malware

Cybersecurity steadfast Kaspersky says it has uncovered thousands of counterfeit Android smartphones sold online with preinstalled malware designed to bargain crypto and different delicate data. 

The Android devices are sold astatine reduced prices, cybersecurity steadfast Kaspersky Labs said successful an April 1 statement, but are riddled with a mentation of the Triada Trojan that infects each process and gives the attackers “almost unlimited control” implicit the device. 

Dmitry Kalinin, a cybersecurity adept astatine Kaspersky Labs, said that erstwhile the trojan grants the attackers entree to devices, they tin bargain crypto by replacing wallet addresses. 

“The authors of the caller mentation of Triada are actively monetizing their efforts; judging by the investigation of transactions, they were capable to transportation astir $270,000 successful assorted cryptocurrencies to their crypto wallets,” helium said. 

“However, successful reality, this magnitude whitethorn beryllium larger; the attackers besides targeted Monero, a cryptocurrency that is untraceable.”

Among the trojan’s different capabilities are stealing idiosyncratic relationship accusation and intercepting incoming and outgoing texts, including two-factor authentication. 

The trojan penetrates smartphone firmware adjacent earlier the telephone reaches users, and immoderate online sellers mightiness not adjacent beryllium alert of the ticking clip weaponry successful the device, according to Kalinin.

“Probably, astatine 1 of the stages, the proviso concatenation is compromised, truthful stores whitethorn not adjacent fishy that they are selling smartphones with Triada,” helium said. 

At this stage, Kaspersky researchers accidental they person recovered 2,600 confirmed infections done this scam successful antithetic countries, with the bulk of users successful Russia encountering it successful the archetypal 3 months of 2025.

 The Android devices are sold astatine reduced prices but are riddled with malware. Source: Hovatek

The Triada malware archetypal surfaced successful 2016 and is known for targeting fiscal applications and messaging apps similar WhatsApp, Facebook and Google Mail, according to cybersecurity steadfast Darktrace. It is mostly delivered done malicious downloads and phishing campaigns. 

“The Triada Trojan has been known for a agelong time, and it inactive remains 1 of the astir analyzable and unsafe threats to Android,” Kalinin said. 

The champion mode to debar falling unfortunate to this scam is to lone acquisition devices from morganatic distributors and instal information solutions instantly aft purchase, according to Kaspersky Labs. 

Other firms person besides been raising the alarm implicit caller forms of malware targeting crypto users. 

Related: Crypto exploit, scam losses driblet to $28.8M successful March aft February spike

Cybersecurity steadfast Threat Fabric said successful a March 28 report it recovered a caller household of malware that tin motorboat a fake overlay to instrumentality Android users into providing their crypto effect phrases arsenic it takes implicit the device.

On March 18, tech elephantine Microsoft said it recovered a caller distant entree trojan (RAT) that targets crypto held successful 20 wallet extensions for the Google Chrome browser. 

Magazine: Mystery celeb memecoin scam factory, HK steadfast dumps Bitcoin: Asia Express