The Triada malware came pre-installed on over 200,000 devices. Secure-D blocked over 800,000 suspicious service-related transactions coming from Tecno W2 devices. The low-cost smartphone is mainly sold in African countries like Ethiopia, Cameroon, Egypt, Ghana and South Africa.
Privacy is the main concern for every smartphone user. Lately, we have seen multiple smartphone companies caught red-handed stealing customers' data, or malicious applications secretly snatching users' personal information without their consent.
While most of the companies that have been exposed over privacy-related concerns are of Chinese origin, there is one company that has left its customers at the mercy of malware. The company here is Transsion Holdings. The Chinese brand, which has managed to make its presence felt in the Indian smartphone market, has been in the limelight for adding pre-installed malware known as Triada in Africa. As per the report, the Tecno W2 devices came with Triada-related malware.
The notorious malware downloads apps on the phone without the user's consent and also signs up for subscriptions without the user's permission. The malware also adds a second piece of malware known as xHelper, which then initiates the click/subscription fraud. This has resulted in around 19.2 million suspicious subscription-related transactions recorded from over 200,000 unique devices.
How does Triada malware affect the devices?
The Triada malware injects malicious code, a trojan called xHelper, onto the affected devices. This trojan remains on the device even after reboots or factory resets, which makes it extremely difficult to remove. When connected to the correct network, the malware quietly downloads various applications and starts to make fraudulent subscription requests. All this happens automatically, and the user is not aware of the fraudulent subscriptions made from their smartphone.
Examples include music services or a yearly subscription for a premium app. Users are facing unexpectedly high bills and over-usage of data. These transactions were blocked by Secure-D, which is an anti-fraud platform. The report highlights that Secure-D blocked nearly 800,000 suspicious xHelper requests coming from W2 handsets between March and December 2019. This breach affected the low-income group, as the smartphone is sold for around $30 in the African market. The low-cost smartphone is mainly sold in African countries like Ethiopia, Cameroon, Egypt, Ghana and South Africa.
What does Transsion have to say about this malware?
Transsion told The Mobile Indian that the malware was identified by the company and it released the fix to all the customers on March 20, 2018. “TECNO identified the Triada issue back on March 1st 2018 with a certain version of W2 as the only infected W2 device across all series of TECNO mobile phones. At the initial time of detecting the issue, we put together a security team to work on the solution and released the first official OTA fix to consumers on March 20th 2018 with rigorous system tests and GMS tests set out by Google. By April 30th, 2018, the official OTA fixes adapted for different versions of W2 devices were released, assuring that the problem was fixed once the consumer accepted the system update by installing the fix. For current W2 consumers that are potentially facing Triada issues now, they are highly recommended to download the OTA fix through their phone for installation or contact TECNO’s after-sales service support for assistance if any questions.” a company spokesperson told The Mobile Indian.
Tecno further added that it keeps consumers' data security and its products a top priority, and the brand assures that all software installed on its devices goes through a series of rigorous security checks. “Every single software installed on each device runs through a series of rigorous security checks, such as our own security scan platform, Google Play Protect, GMS BTS and VirusTotal test. In addition, a 90-day security patch update is periodically delivered to TECNO consumers to ensure that the security of our products and protection of consumers’ devices from malware infection isn’t compromised,” the spokesperson added.
“xHelper, whose behaviour was similar to Triada, was a separate global mobile security issue that first appeared in 2019. We have deployed professional security tools such as GMS BTS and VirusTotal to detect the xHelper issue since last November. All TECNO’s new product releases and software maintenance releases for old products must go through the test. No reports of xHelper have ever been detected since then,” the spokesperson said.
Something does not add up here!
As per the spokesperson, the company identified the malware and took action to stop the attack. However, some key questions still remain unanswered.
The first and foremost question is: why was the malware pre-installed in the first place? We have seen many smartphone companies adding pre-installed applications to their smartphones. We have seen prime examples of Xiaomi and other Chinese companies that deliberately add pre-installed applications to a new smartphone. Though this creates a new revenue channel for the brand, it is frustrating for the smartphone user. But in this case, adding pre-installed malware to a smartphone is another level of low. After all, pre-installed malware does not magically appear in a smartphone. The company should explain how the pre-installed malware was added to the smartphone.
The second question that still remains unanswered is this: if the company has rectified the problem, why was it still prevalent on the smartphone? The report highlights that Secure-D blocked a total of 19.2m suspicious subscription sign-ups between March 2019 and August 2020, coming from over 200k unique Transsion Tecno W2 devices across 19 countries. Tecno said that it rolled out an update in April 2018 to stop this malware. So the question here is, how was the malware detected by the security firm between March 2019 and August 2020? This clearly indicates that the security patches didn’t reach the end customers on time, which has resulted in massive fraudulent subscriptions and downloads of apps on the Tecno W2 smartphone.
Transsion has blamed an unnamed malicious supplier within the supply chain of the Tecno device. Upon further inspection, no signs of malware were detected on other phone models made by Infinix and Itel, which are also sub-brands of Transsion just like Tecno. This means that the hackers were able to infiltrate the company’s supply chain to introduce this malware. It is high time for smartphone brands to make sure such incidents do not take place in future.