Two mobile variants of Triada and Horde malware have been spotted in the wild by Check Point Software Technologies researchers, who warn that the latest samples have adopted dangerous new techniques, including the ability to evade Google’s security on some OS versions.
The Android Trojan called Triada, researchers say, is now capable of infecting the Android default browser along with three other niche Android OS browsers: 360 Secure, Cheetah and Oupeng. Once a browser is infected, attackers can intercept its URL requests. Then, if a user visits one of a number of specific URLs, the malware delivers a spoofed website designed to capture personal financial data.
Up until now, Triada’s main function was to steal money via SMS messages as part of in-app purchases. However, armed with the new URL spoofing capabilities, the Triada Android malware can now intercept any URL on infected phones and entice a user to “enter credentials in a fraudulent page, or even download additional malware, without knowing he is visiting a malicious site,” wrote Oren Koriat, a Check Point analyst, in a blog post outlining his research.