An anti-fraud service reports that it has found millions of TECNO W2 smartphones infected by the Triada and xHelper Android viruses. TECNO Mobile says they already solved the problem.
Full stack anti-fraud platform, Secure-D, has released a statement saying that they found the Triada and xHelper Android viruses pre-installed on hundreds of thousands of TECNO W2 smartphones.
A huge number of these issues were detected coming from the W2 in up to 19 different countries across Africa, with those phones recording millions of suspicious transactions.
The statement from Secure-D says:
“Secure-D caught and blocked an unusually large number of transactions coming from Transsion Tecno W2 handsets mainly in Ethiopia, Cameroon, Egypt, Ghana, and South Africa, with some fraudulent mobile transaction activity detected in another 14 countries. To date, a total of 19.2m suspicious transactions – which would have secretly signed users up to subscription services without their permission – have been recorded from over 200k unique devices.”
Triada Android Virus
Google addressed the Triada issue in a blog post back in June 2019.
Triada is malware that serves as a gatekeeper for other malware, including xHelper. Once installed on a phone, Triada opens the door for another virus to be installed. In this case, Triada opens the door for the xHelper Android virus to infect the affected phones.
xHelper Android Virus
xHelper is a trojan. That means it is designed to look like a normal app but is actually malicious. It is particularly troublesome in that even if you hard reset or format a compromised smartphone, that does not get rid of xHelper. It simply reinstalls itself right after reboot. It has been a headache to many users whose Android phones got infected with it.
Getting rid of xHelper is a tough task, but not an impossible one. Malware analysts at Kaspersky found a way to successfully remove it.
What damage does the xHelper Android virus inflict on compromised devices? It perpetrates mobile fraud, subscribing unsuspecting phone users to mobile services. Because it does not require the phone user’s permission, it is able to work unseen, wiping out users’ airtime through such unauthorised subscriptions.
TECNO W2 is an entry-level smartphone that was released in 2016, running Android 6.0 (Marshmallow) out of the box. It has a 4.5-inch display, and is powered by a 1.3GHz quad-core processor coupled with 1GB RAM.
While this phone is barely on sale any more, there are still thousands of units in use in many African countries where TECNO operates.
The Secure-D statement says that Google has attributed the presence of the Triada malware to the actions of a malicious supplier somewhere within the supply chain of the affected phones. The report also says that “no signs of Triada malware were found to affect other mobile phone models created by Transsion”.
TECNO Mobile’s Official Response
TECNO Mobile got in touch with us with a response to this matter. Here is the full official statement:
Back in March 2018, TECNO identified that the Triada issue affected only a version of W2 devices across all series of TECNO mobile phones. At the initial time of detecting the issue, we put together a security team to work on the solution. Consequently, we released the first official OTA fix to users on March 20th 2018, with rigorous system tests and GMS test set out by Google.
By April 30th 2018, the official OTA fixes adapted for different versions of W2 devices were released, assuring that the problem was fixed once the consumer accepted the system update by installing the fix.
For current W2 users facing Triada issue presently, we advise that they download the OTA fix on their phone for installation, or contact TECNO’s after-sales service support for assistance.
At TECNO, we have always attached great importance to users’ data security and products safety. Every single software installed on each device runs through a series of rigorous security checks, such as our own security scan platform, Google Play Protect, GMS BTS and VirusTotal test.
In addition, a 90-day security patch update is periodically delivered to TECNO users to ensure that the security of our products and the protection of users’ devices from malware are not compromised.
xHelper, which is similar to Triada, is a separate global mobile security issue that first appeared in 2019. We have deployed professional security tools such as GMS BTS and VirusTotal to detect the xHelper issue since last November.
All of TECNO’s new releases and software maintenance for old products must go through the test. No reports of xHelper have ever been detected since then.
According to TECNO, they have addressed the Triada and xHelper issues since 2018 and made software updates fixing them available. If you own a TECNO W2 and have not updated the software before now, go to Settings -> About phone -> Software updates on your phone to check for the software fix, then download and install it to keep your phone protected from Triada and xHelper.
If your TECNO W2 is already infected, installing the software fix is also the thing to do. If you have any further problems, head over to the TECNO service centre nearest to you for assistance. That should be the nearest CarlCare centre.
- xHelper/Triada malware pre-installed on thousands of low cost Chinese Android devices in emerging markets – Upstream (Source)
- Google on Triada (Source)
- Malware analysts at Kaspersky solve the xHelper Android virus problem (Source)