🎁 Airdrop Season 7 is LIVE - Answer Fun Questions to Earn $30K Prize Pool Rewards. JOIN NOW!

Triada Trojan Secretly Draining Crypto from Android Devices

Key Takeaways

  • ​Discounted Android smartphones are being sold with pre-installed malware that steals crypto and personal info;
  • The Triada malware allows attackers to reroute cryptocurrency transactions and read private messages;
  • Over 2,600 infected smartphones have been found, with $270,000 in cryptocurrency stolen.

Free Airdrop Season 7 is LIVE! Answer fun questions or do simple tasks to earn rewards from the $30K BitDegree prize pool. Participate Now ! 🔥

Triada Trojan Secretly Draining Crypto from Android Devices

Android smartphones sold online at discounted prices are being shipped with hidden malware that can steal crypto and personal data, according to an April 1 report from the cybersecurity firm Kaspersky.

The malware, known as Triada, allows attackers to access nearly everything on the phone. It can read text messages, gather login details, and change cryptocurrency wallet addresses during transactions. This lets the attackers quietly move funds to their own accounts without the user noticing.

Kaspersky found that around $270,000 of digital assets had already been moved to wallets linked to the attackers. However, this number may be higher, especially since they also targeted Monero XMR $216.15 , a type of cryptocurrency that is difficult to trace.

What is an Automated Market Maker in Crypto? (Animated)

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What makes the threat harder to detect is that the malware is installed before the phone ever reaches the buyer. Some sellers may be unaware that the devices they offer are already compromised. Kaspersky's experts believe that somewhere along the supply chain—perhaps during production or shipment—the phones are being tampered with.

Over 2,600 infections have been confirmed, mostly in Russia, and all reported within the first three months of 2025. Triada, which has been around since 2016, was initially used to target financial apps and messaging platforms like WhatsApp and Gmail, which often spread through fake apps or misleading links.

According to Dmitry Kalinin from Kaspersky, Triada remains one of the most serious threats to Android users, as it gives attackers ongoing access without the victim realizing it.

On March 28, ThreatFabric, a cybersecurity company, discovered an Android malware called Crocodilus. How does this malware work? Read the full story.

Aaron S. Editor-In-Chief
Having completed a Master’s degree in Economics, Politics, and Cultures of the East Asia region, Aaron has written scientific papers analyzing the differences between Western and Collective forms of capitalism in the post-World War II era.
With close to a decade of experience in the FinTech industry, Aaron understands all of the biggest issues and struggles that crypto enthusiasts face. He’s a passionate analyst who is concerned with data-driven and fact-based content, as well as that which speaks to both Web3 natives and industry newcomers.
Aaron is the go-to person for everything and anything related to digital currencies. With a huge passion for blockchain & Web3 education, Aaron strives to transform the space as we know it, and make it more approachable to complete beginners.
Aaron has been quoted by multiple established outlets, and is a published author himself. Even during his free time, he enjoys researching the market trends, and looking for the next supernova.

Loading...
binance
×
Verified

$600 WELCOME BONUS

Earn Huge Exclusive Binance Learners Rewards
5.0 Rating