Cybersecurity firm Kaspersky has uncovered a large-scale cyber threat involving counterfeit Android smartphones loaded with preinstalled malware designed to steal cryptocurrencies and sensitive user data. These devices, sold at significantly reduced prices online, come with a dangerous variant of the Triada Trojan, a malicious software that grants attackers extensive control over the infected phones. In an April 1 statement, Kaspersky Labs revealed that this version of Triada is capable of replacing wallet addresses during crypto transactions, redirecting funds to hackers’ wallets without the user’s knowledge. Dmitry Kalinin, a cybersecurity expert at Kaspersky, stated that an estimated $270,000 worth of cryptocurrencies had already been stolen, though the real figure could be much higher, especially given the malware’s ability to target Monero (XMR)—a privacy-focused cryptocurrency known for its untraceability. Beyond financial theft, the malware can intercept text messages, steal account credentials, and bypass two-factor authentication (2FA), making it a formidable threat to crypto users. Kaspersky researchers have confirmed 2,600 infections across various countries, with most cases emerging in Russia during the first quarter of 2025. A Supply Chain Breach Kaspersky’s findings suggest that the malware is embedded into the firmware before the devices even reach consumers, hinting at a possible supply chain compromise. Kalinin noted that even legitimate retailers may be unknowingly selling infected phones. “Probably, at one of the stages, the supply chain is compromised, so stores may not even suspect that they are selling smartphones with Triada,” he explained. Triada isn’t a new threat—it first emerged in 2016 and has evolved into one of the most sophisticated Android-based malware strains. It has historically been distributed through phishing campaigns and malicious app downloads . However, this latest scheme marks an alarming shift, as the malware is now preinstalled on brand-new devices, making it nearly impossible for users to detect before purchase. Other New Crypto Malware Threats Emerging Kaspersky isn’t the only firm raising alarms about rising crypto malware attacks . Threat Fabric, another cybersecurity company, reported on March 28 that a new malware family had emerged, designed to overlay fake screens and trick users into revealing their crypto seed phrases. Meanwhile, on March 18, Microsoft disclosed its discovery of a Remote Access Trojan (RAT) targeting crypto held in over 20 Chrome browser wallet extensions. The post Malware-Infested Android Phones Sold Online: Cyber Threat Details appeared first on TheCoinrise.com .
