Kaspersky warning over Android Triada Trojan 'as complex as any Windows malware'

Some 60 per cent of Android devices at risk, claims Kaspersky

Security software company Kaspersky has warned that a new trojan targeting Android devices is as sophisticated as any Windows malware, and poses a threat to some 60 per cent of Android devices.

Anyone running Android 4.4.4 or earlier is at risk, warned Kaspersky, which claimed that the malware was created by "very professional cyber criminals" and can enable in-app purchase theft and all the problems that come with privilege escalation.

"Triada is as complex as any malware for Windows, which marks a kind of Rubicon in the evolution of threats targeting Android," the company said. "Whereas previously, the majority of trojans for the platform were relatively primitive, new threats with a high level of technical complexity have now come to the fore."

Android users are at risk if they download apps from untrusted sources, but Kaspersky said in a blog post that the apps can "sometimes" make their way onto the official Android store.

"A distinguishing feature of this malware is the use of Zygote, the parent of the application process on an Android device that contains system libraries and frameworks used by every application installed on the device. In other words, it's a daemon whose purpose is to launch Android applications," Kaspersky explained.

"This is the first time technology like this has been seen in the wild. Prior to this, a trojan using Zygote was known only as a proof-of-concept. The stealth capabilities of this malware are very advanced.

"After getting into the user's device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using anti-malware solutions."

The security firm added that the complexity of Triada's functionality proves that professional cyber criminals with a deep understanding of the targeted mobile platform are behind the creation of this malware.

Kaspersky warned that it is almost impossible to rid a device of the malware if it is infected.

"Once Triada is on a device, it penetrates almost all the running processes, and continues to exist in the memory only. In addition, all separately running trojan processes are hidden from the user and other applications. As a result, it is extremely difficult for the user and antivirus solutions to detect and remove the trojan."
