New Triada Malware Attacking Android Devices to Replace Phone Numbers During Calls

A sophisticated new variant of the Triada malware family has emerged, targeting Android devices with the capability to intercept and modify outgoing calls.
This malware silently replaces legitimate phone numbers with fraudulent ones during call initiation, redirecting users to premium-rate numbers or enabling eavesdropping on sensitive communications.
The malware operates stealthily in the background, leaving most users completely unaware that their calls are being manipulated.
Initial infection typically occurs through unofficial app stores and compromised applications that request excessive permissions upon installation.
Once installed, the malware exploits privilege escalation vulnerabilities to gain system-level access, allowing it to monitor and modify the Android telephony subsystem.
The attackers have demonstrated considerable technical sophistication in designing this attack vector.
Kaspersky researchers identified the threat after investigating unusual patterns of call redirections reported by telecommunications providers.
Their analysis revealed that the malware uses a previously unseen technique to hook into the Android dialer framework, representing a significant evolution in mobile threat capabilities.
Thousands of devices are already compromised across Eastern Europe, with infections gradually spreading to Western Europe and North America.
Financial losses from fraudulent premium-rate calls have exceeded an estimated $2 million, with additional risks of sensitive information being compromised during intercepted business calls.
Infection Mechanism Analysis
The infection mechanism relies on exploiting the Android telephony service by injecting malicious code into the dialer process.
    @Override
    public Boolean onOutgoingCall(String number, Intent intent) {
        String modifiedNumber = checkAndReplaceNumber(number);
        intent.putExtra("android.intent.extra.PHONE_NUMBER", modifiedNumber);
        return true;
    }
When a user initiates a call, the malware intercepts the outgoing number and references it against a remotely controlled database of target numbers and their replacements.
This technique allows attackers to selectively target specific organizations or individuals while avoiding detection through random sampling.
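Because the substitution happens after the user has entered the number, one place it becomes visible is in a comparison between what was dialed and what the carrier actually routed. The sketch below is an added example, not code from the article or from Kaspersky; it assumes a record of user-dialed numbers captured outside the dialer process, carrier call records for the same devices, a default country code of 44 and a 10-second pairing window, and all sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # assumed max gap between dial intent and carrier setup

def normalize(number, default_cc="44"):
    """Reduce a dialed string to country code + digits so formatting cannot cause a mismatch."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if number.strip().startswith("+"):
        return digits
    if digits.startswith("00"):          # international prefix
        return digits[2:]
    if digits.startswith("0"):           # national format, assume default country
        return default_cc + digits[1:]
    return digits

def find_substitutions(dialed, cdrs):
    """Pair each user-dialed record with the nearest carrier record for the same
    device and return the pairs whose destination numbers differ."""
    by_device = defaultdict(list)
    for rec in cdrs:
        by_device[rec["device"]].append(rec)
    findings = []
    for d in dialed:
        t = datetime.fromisoformat(d["time"])
        candidates = [c for c in by_device[d["device"]]
                      if timedelta(0) <= datetime.fromisoformat(c["time"]) - t <= WINDOW]
        if not candidates:
            continue  # no carrier leg seen, nothing to compare
        cdr = min(candidates, key=lambda c: datetime.fromisoformat(c["time"]))
        want, got = normalize(d["number"]), normalize(cdr["number"])
        if want != got:
            findings.append({"device": d["device"], "dialed": want, "connected": got})
    return findings

# Constructed sample data: what the user typed vs. what the carrier routed.
DIALED = [
    {"device": "dev-a", "time": "2025-01-10T09:00:00", "number": "020 7946 0123"},
    {"device": "dev-a", "time": "2025-01-10T09:30:00", "number": "+44 20 7946 0456"},
    {"device": "dev-b", "time": "2025-01-10T10:00:00", "number": "0044 161 496 0789"},
]
CDRS = [
    {"device": "dev-a", "time": "2025-01-10T09:00:02", "number": "+442079460123"},
    {"device": "dev-a", "time": "2025-01-10T09:30:03", "number": "+449098790001"},
    {"device": "dev-b", "time": "2025-01-10T10:00:01", "number": "+441614960789"},
]

if __name__ == "__main__":
    for finding in find_substitutions(DIALED, CDRS):
        print(finding)
```

Since only numbers on the remote target list are rewritten, most calls from an infected device will still match, so a single mismatch on a device is worth investigating.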
The firm recommends sourcing smartphones exclusively from authorized distributors and deploying security solutions like Kaspersky for Android to detect such threats.
With its evolving capabilities, Triada remains a persistent reminder of supply chain vulnerabilities in mobile ecosystems.
The post New Triada Malware Attacking Android Devices to Replace Phone Numbers During Calls appeared first on Cyber Security News.