Why you should be serious about Android security in 2016?

Lately Kaspersky Lab reported that it spotted the most advanced Android Malware called as TRIADA TROJAN. One of the most sophisticated Android RAT ever

 Reversing Triada (Backdoor.AndroidOS.Triada) made the engineers feel shocked after they saw the way the malware used stealth methods to compromise Android devices. The method used by Triada is not seen in any malwares till date. What makes it more special is the vast majority of android users it can target. Welcome to 2016, were you will see such malwares affecting android security .

The Triada Trojan is able to infiltrate all process running on the mobile devices gaining persistence, as explained by researchers Nikita Buchka and Mikhail Kuzin from Kaspersky Lab. Read for more details here.


“Considering the aforementioned modular architecture and privileged access to the device, the malware can create literally anything. The capabilities of the uploaded modules are limited only by the imagination and skills of the virus writers. These malicious programs (the app loader and the modules that it downloads) belong to different types of Trojans, but all of them were all included in our antivirus databases under the name Triada.” read it here – blogpost 

Triada is using the advertising botnet to quickly spread around devices. Previous malwares like  Leech, Ztorg, AndroidOS.Iop.and Gorpo. Used the same attack vector, which can be deployed easily.

zygote_en_2-768x1000                                                                      How Triada infects Zygote process



The malware can run on each application by establishing its code using the Zygote parent process on all the apps on the device

 “A distinctive feature of the malicious application is the use of the Zygote process to implement its code in the context of all the applications on the device. The Zygote process is the parent process for all Android applications. It contains system libraries and frameworks used by almost all applications. This process is a template for each new application, which means that once the Trojan enters the process, it becomes part of the template and will end up in each application run on the device. This is the first time we have come across this technique in the wild; Zygote was only previously used in proof-of-concepts.”

Triada is programmed to attain sophisticated untraceable financial fraud, mostly by hijacking the SMS transactions. The capabality of the malware is very huge and its architecture can be learned here.

Whats puzzling the researchers is that this malware is very hard to detect because it majorly operates in RAM with root privileges with which it alters system files, it then hides its next modules from the running services and processes.

In this year 2016 we will see more on these malware kinds mostly exploiting the mobile devices. May be this may the year cyber criminals bring more sophisticated ransomware and malwares to mobile devices like Triada. Andorid security has always been under questions. To keep out of these infections, do take special care when using 3rd party applications. Stay safe. Stay secure.

Special Thanks to Kaspersky Lab

Nikita Buchka and Mikhail Kuzin


3 thoughts on “Why you should be serious about Android security in 2016?

  1. Hey! I am also a professor. I appreciate you for providing such an amazing piece. Being from Empire , has presented me with a effective knowledge on what is involved to drive to Indian Springs. we will go on to come and visit your blog site to better appreciate where to go after we get to woodstock. Be sure to keep on blogging and offer us your memories on University of Northwestern Ohio (OH). Promise to see you before long at the new job fair at Amerada Hess Corporation. Bye.

Leave a Reply

Your email address will not be published. Required fields are marked *