Intercepted Calls and Eavesdropping: The Rise of Triada Malware
A new variant of the Triada malware family has emerged, targeting Android devices by intercepting and modifying outgoing calls. This malware replaces legitimate phone numbers with fraudulent ones, redirecting users to premium-rate numbers or enabling eavesdropping on sensitive communications. It operates stealthily, leaving most users unaware of the manipulation.
The initial infection typically occurs through unofficial app stores and compromised applications that request excessive permissions. Once installed, the malware exploits privilege escalation vulnerabilities to gain system-level access, allowing it to monitor and modify the Android telephony subsystem.
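A defender-side triage of the infection path described above, as an added example that is not from the original article or from Kaspersky: it parses text modelled on `adb shell dumpsys package` output and lists apps that hold call-related permissions but were not installed by a trusted store. The trusted-installer set, the permission shortlist and the sample package names are assumptions, and the sample dump is constructed.

```python
import re
# Permissions that let an app place, observe or alter calls (shortlist chosen for this example).
CALL_PERMS = {"android.permission." + p for p in (
    "PROCESS_OUTGOING_CALLS", "CALL_PHONE", "ANSWER_PHONE_CALLS",
    "READ_CALL_LOG", "WRITE_CALL_LOG", "MODIFY_PHONE_STATE")}
# Assumption: the only installer this fleet treats as an official store.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+)")

def parse_packages(dump):
    """Return {package: {"installer": str or None, "perms": set of permissions}}."""
    pkgs, cur = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            cur = pkgs.setdefault(m.group(1), {"installer": None, "perms": set()})
        elif cur is None:
            continue  # text before the first package record
        elif (m := INSTALLER_RE.match(line)) and m.group(1) != "null":
            cur["installer"] = m.group(1)
        elif m := PERM_RE.match(line):
            cur["perms"].add(m.group(1))
    return pkgs

def flag_suspects(dump):
    """Packages with call-related permissions and no trusted installer on record."""
    out = {}
    for name, info in parse_packages(dump).items():
        hits = info["perms"] & CALL_PERMS
        if hits and info["installer"] not in TRUSTED_INSTALLERS:
            out[name] = sorted(hits)
    return out

# Constructed sample, simplified from the layout of `dumpsys package` output.
SAMPLE = """Packages:
  Package [com.example.flashlight] (1a2b3c):
    installerPackageName=null
    requested permissions:
      android.permission.PROCESS_OUTGOING_CALLS
      android.permission.CALL_PHONE
  Package [com.example.notes] (4d5e6f):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.CALL_PHONE
  Package [com.example.wallpaper] (7a8b9c):
    installerPackageName=com.example.thirdpartystore
    requested permissions:
      android.permission.INTERNET"""
```

Preinstalled system apps such as the stock dialer also report no installer, so on a real device the result has to be compared against the vendor's known-good package list.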
Kaspersky researchers identified the threat after investigating unusual patterns of call redirections reported by telecommunications providers. Their analysis revealed that the malware uses a previously unseen technique to hook into the Android dialer framework, representing a significant evolution in mobile threat capabilities.
Thousands of devices are already compromised across Eastern Europe, with infections gradually spreading to Western Europe and North America. Financial losses from fraudulent premium-rate calls have exceeded an estimated $2 million, with additional risks of sensitive information being compromised during intercepted business calls.
Kaspersky recommends sourcing smartphones exclusively from authorized distributors and deploying security solutions like Kaspersky for Android to detect such threats. Triada remains a persistent reminder of supply chain vulnerabilities in mobile ecosystems.