Do you think you just got a 'bargain' by buying a cheap smartphone? You could very well be becoming the target of one of the most dangerous types of malware today – and your crypto may no longer be safe.
Fake phone, real money lost
According to the latest report from cybersecurity company #Kaspersky , more than 2,600 Android users have fallen victim to the Triada Trojan malware, which was pre-installed on cheap counterfeit phones before reaching users.
These devices look like ordinary smartphones, but they have actually been tampered with right from the supply chain, making even the sellers unaware that they are distributing malware-infected devices.
Triada Trojan – The invisible crypto thief
Triada has been around since 2016 and has since become one of the most dangerous malware for the Android operating system. The latest version recorded in March 2025 indicates:
Malware is deeply embedded in the phone's operating system, making it difficult to detect or remove.
Can gain root access and directly interfere with system processes like Zygote – the processor that launches all Android applications.
Allows hackers full remote control of the device, including:
Stealing social media account information (Telegram, TikTok, etc.)
Changing the crypto wallet address during transactions
Impersonating and sending messages from the victim's own device
Changing the phone number during calls – an extremely sophisticated act for eavesdropping and intercepting sensitive information
Organized attacks from the supply chain
Mr. Dmitry Kalinin – Kaspersky's cybersecurity expert – stated:
“It is likely that the devices were infected with malware at some point in the supply chain before reaching users. This makes it difficult for stores to detect risks from these devices.”
From March 13 to 27, 2025, Kaspersky recorded at least 2,672 affected devices, but they warn this is just the tip of the iceberg, as many victims may still be unaware that they have been monitored and had their data stolen.
Crypto under the spotlight
The scariest thing about Triada is its clear target on crypto users:
Replacing wallet addresses when copy-pasting, causing money to be sent but not to the right person.
Impersonate the wallet application interface, tricking users into entering their recovery phrase (seed phrase).
Blocking or interrupting anti-fraud measures, causing the victim to be deceived without knowing.
Notably, Triada does not operate like regular viruses – it mainly runs on RAM and can hide itself from common antivirus applications.
Expanding threat: New Crocodilus malware emerges
Kaspersky also warns of a new type of malware recently emerged called Crocodilus, which impersonates cryptocurrency wallet applications to steal seed phrases and control devices remotely. This indicates that malware targeting crypto users is becoming increasingly sophisticated and dangerous.
How to protect your device and digital assets?
Kaspersky recommends users to:
✅ Only buy phones from official sources or reputable retailers
✅ Avoid using applications from unclear sources, especially those that require deep access permissions
✅ Install reliable security software that is regularly updated
✅ Always check the wallet address very carefully before transferring money, especially when copy-pasting
✅ Absolutely do not share your seed phrase, even with seemingly 'official' applications
Conclusion: A cheap smartphone can cause you to lose your crypto wallet
The return of Triada shows that the market for counterfeit and cheap phones #Android is an extremely dangerous weakness in digital security, especially for crypto users. In an era where everything is connected, an insecure device can cause your digital assets to vanish in an instant.
Be cautious: Cheap prices can be a trap, especially when it comes to crypto.
⛔ Risk Warning: The cryptocurrency market always poses many risks, especially when accompanied by cybersecurity threats such as malware and malicious software. Always stay informed, protect your wallets and personal devices, and only use reliable applications and devices to limit the risk of asset loss. #anhbacong