Hackers are selling counterfeit phones with crypto-stealing malware

Cybersecurity firm Kaspersky says it has uncovered thousands of counterfeit Android smartphones sold online with preinstalled malware designed to steal crypto and other sensitive data.
The devices are sold at reduced prices, Kaspersky Labs said in an April 1 statement, but are riddled with a version of the Triada Trojan that infects every process and gives the attackers “almost unlimited control” over the device.
Dmitry Kalinin, a cybersecurity expert at Kaspersky Labs, said that once the trojan grants the attackers access to devices, they can steal crypto by replacing wallet addresses.
“The authors of the new version of Triada are actively monetizing their efforts; judging by the analysis of transactions, they were able to transfer about $270,000 in various cryptocurrencies to their crypto wallets,” he said.
“However, in reality, this amount may be larger; the attackers also targeted Monero, a cryptocurrency that is untraceable.”
The trojan’s other capabilities include stealing user account information and intercepting incoming and outgoing texts, including two-factor authentication messages.
The trojan penetrates smartphone firmware even before the phone reaches users, and some online sellers might not even be aware of the ticking time bomb in the device, according to Kalinin.
“Probably, at one of the stages, the supply chain is compromised, so stores may not even suspect that they are selling smartphones with Triada,” he said.
At this stage, Kaspersky researchers say they have found 2,600 confirmed infections through this scam in different countries, with the majority of users in Russia encountering it in the first three months of 2025.
[Image: The Android devices are sold at reduced prices but are riddled with malware. Source: Hovatek]
The Triada malware first surfaced in 2016 and is known for targeting financial applications and messaging apps like WhatsApp, Facebook and Google Mail, according to cybersecurity firm Darktrace. It is generally delivered through malicious downloads and phishing campaigns.
“The Triada Trojan has been known for a long time, and it still remains one of the most complex and dangerous threats to Android,” Kalinin said.
The best way to avoid falling victim to this scam is to only purchase devices from legitimate distributors and install security solutions immediately after purchase, according to Kaspersky Labs.
Other firms have also been raising the alarm over new forms of malware targeting crypto users.
Cybersecurity firm Threat Fabric said in a March 28 report it found a new family of malware that can launch a fake overlay to trick Android users into providing their crypto seed phrases as it takes over the device.
On March 18, tech giant Microsoft said it found a new remote access trojan (RAT) that targets crypto held in 20 wallet extensions for the Google Chrome browser.