A wave of counterfeit Android smartphones sold through unauthorised retailers is currently exposing unsuspecting Nigerian users to account theft, crypto fraud, and digital surveillance — even before the phones are powered on.
Cybersecurity firm Kaspersky is revealing that it is uncovering a variant of the Triada Trojan that is preinstalled at the firmware level of fake Android devices, making it one of the most severe threats currently spreading across the Android ecosystem.
Mr Dmitry Kalinin, Malware Analyst at Kaspersky Threat Research, is confirming in a statement seen by Technology Times that the Triada malware “is infiltrating device firmware before it even reaches the user — pointing to a dangerous supply chain compromise.”
According to Kaspersky, the malware is now affecting over 2,600 users globally, with attackers already siphoning off at least $270,000 in stolen cryptocurrency, possibly more due to the use of untraceable tokens like Monero.
Triada is wreaking havoc silently
Unlike traditional mobile malware, which typically spreads via dodgy apps, Triada is embedding itself deep into the system during the phone’s production. Once the device is powered on, the malware is launching automatically, remaining undetectable even to most antivirus software.
Kaspersky says the malware is currently hijacking sensitive login credentials from apps like Telegram, TikTok, Facebook, and Instagram, replacing cryptocurrency wallet addresses, redirecting calls using fake caller IDs, and sending or deleting WhatsApp and Telegram messages — all without the user’s knowledge.
Other sinister actions include secretly reading and deleting SMS messages, charging premium-rate services, and cutting off internet access to evade fraud detection systems.
Counterfeit phones are the danger zone
Triada is infecting cloned phones that mimic popular smartphone brands and are being sold at cheaper prices through informal retailers, marketplaces, and online platforms that fail to verify authenticity. These knock-off phones often look real but are coming loaded with malware and substandard components.
Mr Kalinin warns that the compromise is happening during the production or software development stage. “This is not your regular app malware — this is malware coming directly from the factory floor.”
Google is also confirming in a related blog post that Triada is classed as a pre-installed backdoor — one of the most dangerous forms of mobile malware — because it gains system-level access and is nearly impossible to remove without flashing the firmware or replacing the entire device.
What Nigerian Android users can do
Kaspersky is urging Nigerians to take extra precautions when purchasing Android phones — especially low-budget ones. Users are being advised to:
-
Buy only from trusted, authorised stores or directly from official brand outlets
-
Check if the brand offers official support, firmware updates, and global presence
-
Avoid devices running outdated Android versions (anything below Android 12 is a red flag)
-
Compare suspiciously cheap offers with pricing of better-known brands
-
Install a reliable Android security solution immediately after purchase
-
Disable unnecessary apps and update the firmware before regular use
“This isn’t just about price,” Kaspersky says. “It’s about security. The cheapest phone could cost you your privacy, your accounts, and your money.”
Home