A sophisticated new variant of the Triada malware family has emerged, targeting Android devices with the capability to intercept and modify outgoing calls. The malware silently replaces legitimate phone numbers with fraudulent ones during call initiation, redirecting users to premium-rate numbers or enabling eavesdropping on sensitive communications. It operates stealthily in the background, leaving most users completely unaware that their calls are being manipulated.

Kaspersky researchers identified the threat after investigating unusual patterns of call redirections reported by telecommunications providers. Their analysis revealed that the malware uses a previously unseen technique to hook into the Android dialer framework, representing a significant evolution in mobile threat capabilities.

The infection mechanism relies on exploiting the Android telephony service by injecting malicious code into the dialer process. Once installed, the malware exploits privilege escalation vulnerabilities to gain system-level access, allowing it to monitor and modify the Android telephony subsystem. When a user initiates a call, the malware intercepts the outgoing number and checks it against a remotely controlled database of target numbers and their replacements. This technique allows attackers to selectively target specific organizations or individuals while avoiding detection through random sampling.

Financial losses from fraudulent premium-rate calls have exceeded an estimated $2 million, with additional risks of sensitive information being compromised during intercepted business calls. The firm recommends sourcing smartphones exclusively from authorized distributors and deploying security solutions like Kaspersky for Android to detect such threats.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience in cyber security, he covers Cyber Security News, technology and other news.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 16:10:17 +0000