Attackers got a backdoor preinstalled on Android phones around the world; how did they do it?

According to IT security audit service specialists, Google recently acknowledged that a backdoor planted by a group of cybercriminals was found preinstalled on Android devices in 2017.

The backdoor, known as Triada, was reported for the first time by researchers from the Kaspersky firm; in their first report, experts mentioned that this was one of the most advanced mobile device Trojans that existed back then.

Once installed, Triada's goal was to install further malicious applications for sending spam and advertisements. According to IT security audit service specialists, Triada has a wide range of capabilities, mainly for conducting rooting attacks, evading the protections preinstalled on Android devices and gaining access to the installed apps.

A couple of years ago, the security firm Dr. Web also published a report on this backdoor, stating that Triada had been incorporated into the firmware of multiple Android devices; the attackers used the backdoor to install additional modules without the user noticing.

Since the backdoor was built into one of the operating system libraries in the device firmware, it could not be removed with conventional techniques: uninstalling apps does not touch the system partition, and a factory reset simply restores the same tampered system image, explained the IT security audit service specialists.
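The only practical way to catch a library tampered with at firmware-build time is to compare the shipped system partition against hashes recorded from a build you trust, before the image went through any third party; the tampered image's own metadata and vendor signature will still look valid. The following script is an added example written for this article, not code from Google, Kaspersky or Dr. Web. It builds a hash manifest from a clean image directory, then audits a second copy of the image and reports libraries that were modified, added or removed. The library file names and contents in `demo()` are constructed for illustration and are not the real Triada artifacts.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large .so files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(image_dir):
    """Map every regular file under image_dir (relative POSIX path) to its SHA-256.
    Run this on the image you trust, e.g. your own AOSP build or the OEM image
    before it was handed to a third-party vendor."""
    image_dir = Path(image_dir)
    return {
        p.relative_to(image_dir).as_posix(): sha256_file(p)
        for p in sorted(image_dir.rglob("*"))
        if p.is_file()
    }


def audit_system_libs(image_dir, known_good):
    """Compare the files under image_dir with a trusted manifest.
    Returns a dict with three sorted lists:
      modified   - present in both, but the hash differs (patched library)
      unexpected - present on the device image, absent from the manifest (dropped-in module)
      missing    - in the manifest, absent from the image (removed or renamed file)
    """
    image_dir = Path(image_dir)
    seen = set()
    modified, unexpected = [], []
    for p in sorted(image_dir.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(image_dir).as_posix()
        seen.add(rel)
        digest = sha256_file(p)
        if rel not in known_good:
            unexpected.append(rel)
        elif known_good[rel] != digest:
            modified.append(rel)
    missing = sorted(set(known_good) - seen)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo():
    """Constructed scenario (hypothetical file names, not real firmware):
    a clean image, a manifest taken from it, then a simulated third-party
    step that patches one library and drops an extra one into the image."""
    with tempfile.TemporaryDirectory() as tmp:
        system = Path(tmp) / "system"
        (system / "lib").mkdir(parents=True)
        (system / "lib" / "libcore.so").write_bytes(b"\x7fELF clean runtime lib")
        (system / "lib" / "libui.so").write_bytes(b"\x7fELF clean ui lib")
        manifest = build_manifest(system)  # recorded before the image left the OEM

        # Simulated supply-chain tampering of the same image
        (system / "lib" / "libcore.so").write_bytes(b"\x7fELF runtime lib + injected loader")
        (system / "lib" / "libextra.so").write_bytes(b"\x7fELF dropped module")

        return audit_system_libs(system, manifest)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In practice the manifest would be produced from the build artifacts you control and the audit run against a system partition dumped from a device (or an extracted OTA image); the point of the design is that the trusted hashes come from outside the image being checked, so a vendor that modifies the image cannot also forge the baseline.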

Google confirmed the existence of the backdoor, although it did not explicitly name the affected manufacturers. “Triada infects the system images of the compromised devices through a third party during the production process of the devices. On occasions, Original Equipment Manufacturers (OEMs) include functions that are not part of the Android Open Source Project (AOSP), such as biometric unlocking. OEMs associate with third parties to develop these new features by sending the complete system image to these third parties for the development of the additional functions”, the Google statement mentions.

The most recent version of the backdoor was included “discreetly” in the system image as part of code developed by third parties to implement additional functions at the OEM’s request. According to specialists from the International Institute of Cyber Security (IICS), Google has been working with Android device manufacturers to ensure that this malicious functionality has been completely removed from the devices’ firmware.