These counterfeit Android devices are being sold at discounted rates, but they come preinfected with a variant of the notorious Triada Trojan. This malware infects every function of the phone, providing the hackers with virtually limitless control over the device, warned Kaspersky in their April 1 statement.

Dmitry Kalinin, a cybersecurity specialist at Kaspersky, explained that the Trojan allows the perpetrators to steal cryptocurrency by switching wallet addresses once access to the device is granted. “The creators of the new Triada variant are reaping significant financial benefits. Based on transaction analysis, they’ve managed to funnel roughly $270,000 in multiple cryptocurrencies into their crypto wallets,” he shared.

However, the real figure could be much larger, as the attackers also targeted Monero, a cryptocurrency renowned for its anonymity. The Trojan also has the ability to pilfer user account details and intercept all text messages, including two-factor authentication.

The Trojan infiltrates smartphone firmware before the device even reaches consumers. Some online vendors may unsuspectingly be selling these infected phones. “The supply chain is likely compromised at some point, so sellers may unknowingly be vending smartphones infected with Triada,” Kalinin conjectured.

As of now, Kaspersky researchers have detected 2,600 instances of this scam across several countries. The majority of these cases were encountered in Russia in the first quarter of 2025.

First discovered in 2016, the Triada malware is notorious for targeting financial apps and messaging services like WhatsApp, Facebook, and Google Mail. It is typically spread via malicious downloads and phishing schemes, according to cybersecurity firm Darktrace.

“The Triada Trojan has been around for a while and continues to be one of the most sophisticated and potent threats to Android,” emphasized Kalinin. Kaspersky Labs advises consumers to protect themselves by purchasing devices only from authorized distributors and immediately installing security solutions after purchase.

Other cybersecurity firms have been flagging novel forms of malware targeting crypto users. On March 28, Threat Fabric reported finding a new malware family that baits Android users into revealing their crypto seed phrases by launching a misleading overlay as it assumes control of the device.

Earlier, on March 18, tech behemoth Microsoft discovered a new remote access trojan (RAT) that targets cryptocurrency stored in 20 wallet extensions for the Google Chrome browser.

The post Beware of Fraudulent Phones Preloaded with Crypto-Stealing Malware appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.