Russia-based antivirus vendor has revealed that over 42 models of Android smartphones are sold carrying a banking trojan. Tirada Android banking trojan that was discovered a couple of years back can root devices and make it impossible for users to get rid of it without reinstalling the operating system.

These Trojans infect the process of an important Android system component, Zygote. This process is used to launch all applications. Once the Trojans inject into this module, they penetrate other running applications. In doing so, they obtain the ability to carry out various malicious activities without a user’s intervention: they covertly download and launch software. The key feature of Android.Triada.231 is that cybercriminals inject this Trojan into the libandroid_runtime.so system library. They do not distribute the Trojan as a separate program. As a result, the malicious application penetrates the device firmware during manufacture. Users receive their devices already infected from the box.

The AV firm said that the malware is present in the devices which are sold not only in Russia but globally. "For instance, in Poland, Indonesia, China, the Czech Republic, Mexico, Kazakhstan, [and] Serbia," Dr.Web said. The company's report adds that this Android banking trojan usually affects low-cost phones, includingLeagoo, Doogee, Vertex, Cherry Mobile, and others.

Unfortunately, the report won't surprise anyone in the industry. Several reports have previously suggested how some Android manufacturers ship their brand new phones with malware, adware and trojans. It appears these reports aren't affecting the manufacturers since they continue to use the same tactics, suggesting that their userbase usually stays unaware of these reports.

In several cases, it wasn't the manufacturer, however, that was to blame - at least not entirely. Third party software developers continue to inject malware alongside the applications that come with the newly shipped phones."This [software development] company provided Leagoo with one of its applications to be included into an image of the mobile operating system, as well as with an instruction to add third-party code into the system libraries before their compilation," the AV firm said.

"Unfortunately, this controversial request did not evoke any suspicions from the manufacturer. Ultimately, Android.Triada.231 got to the smartphones without any obstacles."

However, at the end of the day it is the responsibility of the manufacturer to test and ship these deviceswithoutany modules that spy on users, steal their banking credentials or send all of their data to unknown criminals.

Here's the latest list of devices that were shipped withAndroid.Triada.231:

Leagoo M5

Leagoo M5 Plus

Leagoo M5 Edge

Leagoo M8

Leagoo M8 Pro

Leagoo Z5C

Leagoo T1 Plus

Leagoo Z3C

Leagoo Z1C

Leagoo M9

ARK Benefit M8

Zopo Speed 7 Plus

UHANS A101

Doogee X5 Max

Doogee X5 Max Pro

Doogee Shoot 1

Doogee Shoot 2

Tecno W2

Homtom HT16

Umi London

Kiano Elegance 5.1

iLife Fivo Lite

Mito A39

Vertex Impress InTouch 4G

Vertex Impress Genius

myPhone Hammer Energy

Advan S5E NXT

Advan S4Z

Advan i5E

STF AERIAL PLUS

STF JOY PRO

Tesla SP6.2

Cubot Rainbow

EXTREME 7

Haier T51

Cherry Mobile Flare S5

Cherry Mobile Flare J2S

Cherry Mobile Flare P1

NOA H6

Pelitt T1 PLUS

Prestigio Grace M5 LTE

BQ 5510