
Cybercriminals have found a new way to exploit unsuspecting users by selling counterfeit Android smartphones preloaded with malware designed to steal cryptocurrency and sensitive data.
A recent investigation by cybersecurity firm Kaspersky has uncovered thousands of these compromised devices being sold online at discounted prices. According to their findings, at least 2,600 confirmed infections have been detected across multiple countries, with Russia being the most affected.
The preinstalled malware, a variant of the notorious Triada Trojan, grants attackers near-complete control over the infected devices. Once activated, it allows them to steal cryptocurrency by swapping wallet addresses during transactions.
Dmitry Kalinin, a cybersecurity expert at Kaspersky, highlighted the financial damage caused by this sophisticated scheme:
“The authors of the new version of Triada are actively monetizing their efforts; judging by the analysis of transactions, they were able to transfer about $270,000 in various cryptocurrencies to their crypto wallets. However, in reality, this amount may be larger; the attackers also targeted Monero, a cryptocurrency that is untraceable.”
Beyond stealing funds, the malware can intercept text messages, including two-factor authentication codes, and extract personal user data.
What makes this threat even more alarming is that the malware is embedded in the smartphone’s firmware before it even reaches the end user. Some sellers may unknowingly distribute infected devices, making it difficult for buyers to identify the risk. Kalinin explains:
“Probably, at one of the stages, the supply chain is compromised, so stores may not even suspect that they are selling smartphones with Triada.”
Triada isn’t new – it was first identified in 2016 and has been a persistent threat to Android users ever since. It primarily targets financial applications and messaging services like WhatsApp, Facebook, and Google Mail. The malware is typically spread through phishing scams and malicious downloads, but its presence in pre-installed firmware marks a dangerous evolution in cyber threats.
“The Triada Trojan has been known for a long time, and it still remains one of the most complex and dangerous threats to Android,” Kalinin warned.
With cyber threats evolving, it’s crucial to take precautions when purchasing new devices. Kaspersky recommends:
The rise of malware targeting cryptocurrency users is not slowing down. Cybersecurity firm Threat Fabric recently reported a new malware strain capable of tricking Android users into revealing their crypto seed phrases through fake overlays.
Meanwhile, on March 18, Microsoft identified a remote access trojan (RAT) targeting crypto wallets through extensions on the Google Chrome browser.
As cybercriminals develop more sophisticated methods, staying vigilant and securing digital assets is more important than ever.