The creators of Triada collected revenue from the ads displayed by the spam apps.
Triada infects rig system images through a third-party during the production process.
Back then, it was noted as a rooting trojan designed to exploit hardware after getting elevated privileges.
Web in July 2017.
During the summer of 2017 we noticed a change in new Triada samples.
Instead of rooting the rig to obtain elevating privileges, Triada evolved to become a pre-installed Android framework backdoor.
These log attempts happen many times per second, so the additional code is running non-stop.
The code injection framework in early versions of Triada worked on Android releases prior to Marshmallow.
However, the most worrying factor that it could not be deleted using standard methods.
Web wrote in its blog post.
In addition, Google will be regularly assessing devices already on the market to look for supply chain attacks.
source: www.techworm.net
