Do you think you just got a "bargain" when buying a cheap smartphone? You may very well be becoming a target of one of the most dangerous malware today – and your crypto may no longer be safe.
Fake phones, real money lost
According to the latest report from the cybersecurity company #Kaspersky , more than 2,600 Android users have fallen victim to the Triada Trojan malware, which is pre-installed in counterfeit cheap phones before reaching users.
These devices look like ordinary smartphones, but they have actually been tampered with right from the supply chain, making it possible that even the retailers may not know they are distributing infected devices.
Triada Trojan – The invisible crypto thief
Triada has been around since 2016 and has since become one of the most dangerous malware for the Android operating system. The latest version recorded in March 2025 shows:
Malware is deeply embedded in the phone's system kernel, making it hard to detect or remove.
Can gain root access and directly interfere with system processes like Zygote – the launcher for all Android applications.
Allows hackers full remote control of the device, including:
Stealing social media account information (Telegram, TikTok, etc.)
Changing crypto wallet addresses during transactions
Impersonating and sending messages from the victim's own device
Changing phone numbers during calls – a highly sophisticated act for eavesdropping and intercepting sensitive information
BTCUSDTPerp.67,804.8-0.85%
Organized attacks from the supply chain
Mr. Dmitry Kalinin – cybersecurity expert at Kaspersky – remarked:
"Devices have likely been infected with malware at some point in the supply chain before reaching users. This makes it difficult for stores to detect risks from these devices."
From March 13 to 27, 2025, Kaspersky recorded at least 2,672 affected devices, but they warned that this is just the tip of the iceberg, as many victims may still be unaware that they have been monitored and had their data stolen.
Crypto under scrutiny
The scariest thing about Triada is its clear target on crypto users:
Replacing wallet addresses when copy-pasting, causing money to be sent but not to the right person.
Fake the interface of wallet applications, tricking users into entering recovery phrases (seed phrases).
Blocking or interrupting anti-fraud measures, causing victims to be deceived without realizing it.
Notably, Triada does not operate like typical viruses – it primarily runs on RAM and can hide from common antivirus applications.
Expanded threat: More Crocodilus malware emerges
Kaspersky also warns of a new type of malware recently emerged called Crocodilus, which impersonates cryptocurrency wallet applications to steal seed phrases and remotely control devices. This shows that malware targeting crypto users is becoming increasingly sophisticated and dangerous.
How to protect your devices and digital assets?
Kaspersky advises users to:
✅ Only buy phones from official sources or reputable retailers
✅ Avoid using applications from unclear sources, especially those that request deep access permissions
✅ Install reliable security software that is regularly updated
✅ Always check the wallet address carefully before transferring money, especially when copy-pasting
✅ Absolutely do not share seed phrases, even with seemingly "official" applications
Conclusion: A cheap smartphone can leave you empty-handed with your crypto wallet
The return of Triada shows that the market for fake and cheap #Android phones is an extremely dangerous vulnerability in digital security, especially for crypto users. In an era where everything is connected, an unsafe device can cause your digital assets to evaporate in an instant.
Be cautious: Low prices can be a trap, especially when it comes to crypto.
⛔ Risk warning: The cryptocurrency market always carries many risks, especially when accompanied by cyber threats like malware and malicious software. Always stay updated, protect your wallet and personal devices, and only use reliable applications and devices to mitigate the risk of asset loss. #anhbacong