Triada Malware Found On Cheap Chinese Handsets

More Malware Found on Cheap Chinese Handsets


In line with recent reports surrounding popular Amazon smartphone manufacturer Blu, security researchers have found new malware on a number of cheap chinese handsets.

The researchers have found that a range of smartphones from two Chinese manufacturers are packed with pre-installed malware. The two manufacturers to watch out for are Leagoo and Nomu.

In their research, the security researchers found that whilst not all models from these manufacturers had been infected, they commonly find malware on the Leagoo M5 Plus, the Leagoo M8, the Nomu S10, and the Nomu S20.

All four of these handsets are specifically designed as cheap Chinese handsets to draw in sales from those unable to afford premium handsets such as the Galaxy S8 or the Galaxy S8 Plus.

The team responsible for the research are Dr. Web, a Russian cyber security provider. According to Dr. Web, these four smartphones, along with some others, had a malware deeply embedded into the Android OS Zygote core process.

Cheap Chinese Handsets 2

The malware has been seen before and had previously been dubbed as the Triada trojan. Back in 2016, the trojan was found to be used to steal online banking information. The same trojan could also steal login details for other accounts, use SMS tracking to steal user information, download browser history information and force apps to be installed onto the system. Typically, the installed apps would be adware or applications that forced adverts to appear on the home screen.

Interestingly, in the case of the smartphones listed above, the Triada trojan was baked into the core operating system, which meant the malware operators could remotely take action of infected devices and perform any action that you’d be able to perform if you physically had access to the device.

It’s most likely that both Leagoo and Nomu manufacturing plants were compromised and the malware was installed by a third party. Unfortunately, we have very little to go on besides pure speculation at this point. Neither Leagoo nor Nomu has yet made a statement about the compromise.


Whilst it was likely that this was an attack on both Leagoo and Nomu, in the past manufacturers have run their own malware schemes. For example, companies like Ragentek have, in the past, installed data tracking tools into their smartphone hardware that could be used to sell data to malicious third parties.


As always, buying cheap Chinese handsets carries a lot of risks. If you care about your online safety and privacy, you should always purchase a smartphone from a trusted brand. Whilst a lot of Chinese manufacturers cannot be trusted, some manufacturers such as Xiaomi are just as trustworthy as big western manufacturers such as Samsung or LG.

Cheap Chinese Handsets 3

In all cases, you should consider using two-factor authentication when logging into services such as online banking to avoid malicious third parties from stealing your bank account details. If you do use two-factor authentication, it’s important that you log in from another platform, such as a desktop PC, and then use your smartphone as the second authentication. The first level of authentication would, of course, be your online baking login name and password.

You might also like More from author

Leave A Reply

Your email address will not be published.