Triada Trojan impact root rights
Triada trojan gains root access and steals all device information (Reuters)

Researchers at Kaspersky Lab have discovered a new Android trojan called Triada that could be targeting smartphones. Devices running Android 4.4.4 KitKat and earlier versions of the Android OS face the greatest risk.

According to a report from the anti-virus firm, unlike other trojans that are primitive in nature, Triada is as complex and mature as PC malware and has been written by "very professional cybercriminals with a deep understanding of the mobile". Once established on the device, Triada not only pulls out information about the device, but also gains root access and is capable of in-app purchase theft.

"The Triada of Ztorg, Gorpo and Leech marks a new stage in the evolution of Android-based threats. They are the first widespread malware with the potential to escalate their privileges on most devices. The majority of users attacked by the Trojans were located in Russia, India, and Ukraine as well as APAC countries. It is hard to underestimate the threat of a malicious application gaining root access to a device," said Nikita Buchka, junior malware analyst at Kaspersky Lab, in a statement.

Triada usually makes its way onto mobiles through app installs from unknown sources or third-party stores and is less likely to come via the Google Play Store. However, some apps downloaded from the Play Store have also been found to be infected with the malware.

"A distinguishing feature of this malware is the use of Zygote, the parent of the application process on an Android device that contains system libraries and frameworks used by every application installed on the device. In other words, it's a daemon whose purpose is to launch Android applications," Buchka explained.

After entering the user's device, Triada becomes part of nearly every running process and continues to exist in short-term memory (RAM). This makes it almost impossible to detect and delete using anti-malware solutions.

Third-party app stores have usually been fertile ground for malware. Elena Kovakina of Google's Android security team had earlier said that Google scans more than two million apps every week for its 1.4 billion Android users.