Name of Malware: Triada (APK. Triada)

Type of Malware: Banking trojan, downloader

Affected Operating System: Android

Affected Device Types: Mobile phones, smartphones, tablets

Impact:high

What is Triada?

Triada is a trojan for Android devices.

Triada's primary function is to record text messages. For example, it intercepts in-app purchases via text message and redirects payments made.

Triada downloads other malware from a server and runs these programs.

How did I get infected with Triada?

There are two potential routes of infection.

1. The malware is pre-installed on the device firmware and therefore does not require any interaction on the part of the user. The malicious program is already installed on the smartphone at the time of purchase.
2. Various other trojans are also capable of downloading this malware.

What do I have to do now?

If the malware has been downloaded, the affected device can be disinfected by deleting the app. To remove the app, the user can activate Android's safe mode.

If the malware cannot be removed using conventional security solutions because it was installed as part of the firmware, we recommend that users contact the manufacturer of their phone for a firmware update.

Further information can be found under Removing infections on smartphones and tablets.

Technical specifications

Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.