Cape Town – Android smartphones running older versions of the operating system are at risk from a family of Trojan malware that could take over the functioning of a phone.
According to security firm Kaspersky Lab, the malware consists of a collection of three families - Ztorg, Gorpo and Leech - dubbed “Triada”.
The malware is propagated when people download applications via untrusted sources and Kaspersky said the software grants itself super user rights, which allow cyber criminals to install any software on a phone without the owner’s consent or knowledge.
It affects smartphones running Android operating systems 4.4.4 or earlier.
“The Triada of Ztrog, Gorpo and Leech marks a new stage in the evolution of Android-based threats. They are the first widespread malware with the potential to escalate their privileges on most devices,” said Nikita Buchka, junior malware analyst at Kaspersky Lab.
Once Triada has loaded itself on to a device, it installs a backdoor and activates two modules that have the ability to download, install and launch applications.
Difficult options
READ: Data breaches spook SA's online buyers
“A distinguishing feature of this malware is the use of Zygote - the parent of the application process on an Android device - that contains system libraries and frameworks used by every application installed on the device. In other words, it’s a demon whose purpose is to launch Android applications,” Kaspersky said in a statement.
The software also able to modify other applications such as SMS. Should a user make an in-app purchase via SMS, criminals are able to redirect the funds to themselves, rather than developers.
The company said that users are faced with either “rooting” Android devices or jailbreaking the Android operating system to get rid of Triada.
Kaspersky Lab found that nearly half of the top 20 Trojans in 2015 were able to grant themselves super user rights.
“The complexity of the Triada Trojan’s functionality proves the fact that very professional cyber criminals, with a deep understanding of the targeted mobile platform, are behind this malware,” said Kaspersky.
- Follow Duncan on Twitter