Triada & Horde updated and actively targeting Androids

by Paul Anderson
June 28, 2016 - Updated on June 11, 2022
in Malware, Mobile Security

Check Point analysts have identified two mobile malware versions in the wild, one of Triada and one of Horde, and advise that the most recent samples now use dangerous new strategies, including the ability to evade Google’s security on a few OS versions.

The Android Trojan labeled Triada, researchers say, is now able to infect the default Android web browser along with three other smaller Android browsers: 360 Secure, Cheetah, and Oupeng.

Once infected, attackers can redirect URL requests. If an individual happens to go to one of a couple of specified URLs, the malware produces a spoofed website built to obtain personal financial info.

Until recently, Triada’s primary purpose was to steal funds through SMS-based in-app purchases. But, equipped with the new URL spoofing abilities, the Triada Android malware can now intercept any URL on infected phones and encourage a user to “enter credentials in a fraudulent page, or even download additional malware, without knowing he is visiting a malicious site,” wrote Oren Koriat, Check Point analyst, in a blog post.

Check Point’s research follows Kaspersky Lab’s findings after they first spotted the Trojan (Backdoor.AndroidOS.Triada) and documented its ability to redirect Android browsers to malicious URLs earlier this month.

Kaspersky Lab details how successful Triada infections target the Android device by infecting Zygote, the core Android OS process, which grants attackers super-user rights. After acquiring those rights, Triada uses ordinary Linux debugging tools to embed a malicious DLL that targets one of the four listed browsers.

Check Point says the latest variant of Horde is able to monitor running processes on Android Lollipop and Marshmallow versions using a new technique to avoid detection.

“Google has invested some efforts in preventing such activity and blocked apps from calling the getRunningTasks() API. Viking Horde manages to bypass this security measure by reading the “/proc/” file system, which displays running processes, from which the malware can find the current running processes,” Koriat added.

Check Point uncovered Viking Horde in May. It was spreading via legitimate apps, including Viking Jump, which had 50,000 to 100,000 downloads before Google removed it. The app even became a “top free app” in some markets, Check Point said.
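The process enumeration through "/proc/" described above works only while procfs exposes other users' process entries. The following is an added example, not code from Check Point or the original article: a defender's check that parses `/proc/mounts`-format text for the standard Linux `hidepid` mount option (not mentioned in the article) and counts how many foreign process directories the current UID can still see. The sample mount lines and mount points are constructed.

```python
import os

# Linux 5.8+ also accepts symbolic hidepid values; map them to numeric levels.
_HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

def proc_hidepid_levels(mounts_text):
    """Return {mount_point: hidepid level} for each procfs mount listed."""
    levels = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue
        level = 0  # kernel default when the option is absent
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            if key == "hidepid":
                level = int(value) if value.isdigit() else _HIDEPID_NAMES.get(value, 0)
        levels[fields[1]] = level
    return levels

def exposed(levels):
    """Mount points where other users' PID directories are still listable."""
    return sorted(mp for mp, lvl in levels.items() if lvl < 2)

def foreign_pids_visible(proc_root="/proc", my_uid=None):
    """PIDs under proc_root whose directory owner differs from my_uid."""
    my_uid = os.getuid() if my_uid is None else my_uid
    visible = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            if os.stat(os.path.join(proc_root, name)).st_uid != my_uid:
                visible.append(int(name))
        except OSError:
            continue  # process exited between listdir() and stat()
    return sorted(visible)

# Constructed sample in /proc/mounts format (not taken from a real device).
SAMPLE = """\
rootfs / rootfs ro,seclabel 0 0
proc /proc proc rw,relatime 0 0
proc /hardened/proc proc rw,relatime,gid=3009,hidepid=2 0 0
proc /new/proc proc rw,relatime,hidepid=invisible 0 0
"""

if __name__ == "__main__":
    print("exposed procfs mounts:", exposed(proc_hidepid_levels(SAMPLE)))
    if os.path.isdir("/proc"):
        print(len(foreign_pids_visible()), "foreign PIDs visible to this UID")
```

Run as an unprivileged UID on the system being audited, a non-zero foreign PID count means an app-level process can still learn what else is running.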
