In 2016, Kaspersky Labs unveiled a trojan that had infiltrated Google Android smartphones. Dubbed Triada by Kaspersky malware analysts, the malware was capable of installing a backdoor as part of a supply chain attack to crack into smartphones. Google, so far, has kept silent on admitting or denying Triada’s presence on Android devices.
Last week, however, Google published a report on its security blog that admitted Triada’s existence on Android smartphones.
Using its authority over the operating system, Triada replaced systems files with malware and mostly stored itself over the mobile phones’ RAM.
According to researchers at Dr. Web, the hackers behind the Trojan installed a function that was called each time an app was run rather than using the malware to root the smartphone to take benefit of users’ information. It then set up a backdoor code that ran on any application installed on the phone.
Google Has Dealt With the Threat
Analysts suggested that the Trojan was used by a third-party to infect the system images, a serialized copy of the state of a computer system stored in the form of a file, during the production process itself. This was done with 42 models of budget smartphones that were mostly sold in China.
As of the recent reports from Google, the company claims that users needn’t be worried about the malware as it has already been dealt with. The new model phones are also shielded against Triada and Google is now performing security scans of the infected smartphones to detect and remove the Trojan from them.
Blockchain Be the Saviour
The backdoor, as reports stated, came pre-installed on the smartphones, pointing towards a supply-chain attack. Third-parties were involved in tampering with the phones during distribution to make the harm go unnoticed.
Had a blockchain system been in place for the management of production and distribution, any tampering would have been next to impossible. This shows how important a role blockchain can play in every industry by helping to secure supply-chain systems from ill actors.
Why do you think Google took almost three years to come out and address the issue? Do you think blockchain could have prevented the supply chain attack? Let us know in the comments below.