Beware of Fake Android Phones: Malware That Steals Your Crypto

Imagine this: purchasing a brand new Android phone at a discount, only to find out later that hackers have been monitoring you from the beginning. That is precisely what is happening with thousands of individuals who accidentally bought counterfeit Android smartphones with a lethal malware known as the Triada Trojan. 

Cybersecurity company Kaspersky recently found out that the phones, which were also being sold online at discounted rates, come pre-installed with this malware that grants hackers full control over the phone.

How This Malware Steals Your Money and Data

According to Dmitry Kalinin, a cybersecurity expert at Kaspersky, the Triada Trojan allows hackers to do pretty much anything they want with an infected phone. The most dangerous trick it pulls? Stealing cryptocurrency. When users try to send crypto, the malware silently changes wallet addresses, directing funds straight into the hackers’ pockets. 

Kaspersky researchers found that at least $270,000 worth of crypto has already been stolen, but the actual amount could be much higher. The attackers also target Monero (XMR), a privacy-focused cryptocurrency that’s difficult to trace.

The Scary Part: The Malware Is Already on the Phone When You Buy It

This isn’t just any virus you pick up from a bad website or a shady app—it’s already installed on the phone before you even open the box. Kaspersky believes that the malware gets embedded somewhere in the supply chain, meaning even some online sellers may have no idea they are selling compromised devices. That means anyone buying these phones is at risk before they even turn the device on.

Who’s at Risk and How to Stay Safe

So far, Kaspersky has identified 2,600 infected phones, with most cases showing up in Russia in the first three months of 2025. However, since the Triada Trojan has already present since 2016, it has the capability of showing up anywhere globally. This malware is specifically famous for affecting financial applications, including popular software like WhatsApp, Facebook, and Google Mail.

To stay safe:

• Always buy smartphones from trusted retailers. If the price seems too good to be true, it probably is.
• Install security software as soon as you get a new phone. A good antivirus can sometimes detect hidden threats.
• Double-check wallet addresses before sending cryptocurrency. If anything looks off, cancel the transaction immediately.

Other New Malware Targeting Crypto Users

Unfortunately, Triada Trojan is not the only threat in the virtual space. Threat Fabric recently discovered another malware that dupes Android users into relinquishing their crypto seed phrases by presenting them with fake login screens. Meanwhile, Microsoft announced on March 18 the discovery of a new remote access trojan (RAT) designed to steal crypto wallets held within Google Chrome extensions.

As cybercrooks grow more savvy, staying safe on the web is more important than ever. If you use cryptocurrency, take the extra step to protect your cash. Watch where you buy your phone, use security software, and be on the lookout for new scams. In today’s age, being informed is your best defense.