Secure-D, the anti-fraud platform that conducted the research, recorded 19.2 million suspicious transactions since March 2019 from over 200,000 unique devices. “The fact that the malware arrives pre-installed on handsets that are bought in their millions by typically low-income households tells you everything you need to know about what the industry is currently up against,” said managing director, Geoffrey Cleaves.
“This particular threat takes advantage of those most vulnerable,” he added.
In a statement to CNN Business, Tecno Mobile said the problem “was an old and solved mobile security issue globally” for which it issued a fix in March 2018. Consumers currently experiencing difficulties should download the fix through their phones or contact after sales support, it added.
Transsion blamed an “unidentified vendor in the supply chain process,” according to BuzzFeed.
Triada malware installs a piece of code known as xHelper onto compromised devices, automatically subscribing users without their knowledge to services that consume pre-paid airtime — the only way to pay for digital products in many developing countries.
“The xHelper trojan persists across reboots, app removals and even factory resets, making it extremely difficult to deal with even for experienced professionals, let alone the average mobile user,” Secure-D, which is owned by mobile technology company Upstream, said in a statement.
The company’s investigation found evidence in code and traffic data to link at least one of the xHelper components to fraudulent subscription requests via Transsion’s Tecno W2 handset. Its analysis was carried out on phones from existing users and newly purchased handsets. No signs of Triada malware were found to affect other mobile phones manufactured by Transsion, Secure-D said.
“We have always attached great importance to consumers’ data security and products safety,” said Tecno Mobile. “Every single software installed on each device runs through a series of rigorous security checks,” it added, noting that security updates are periodically sent to mobile users.