The malware was detected three years ago but was later found to have evolved. Hackers began to embed it in the firmware of low-priced Android smartphones, which were primarily sold in China.
Google has confirmed that some Android devices had come with pre-installed backdoors right out of the box.
As first reported by the Russia-based cybersecurity provider Kaspersky Lab back in 2016, the malware, called Triada, was initially a Trojan that would obtain root privileges and display intrusive ads on a user's phone.
Google virus analysts managed to wipe it out from all Android devices, but in the summer of 2017 it became clear that Triada had evolved from a rooting Trojan into a pre-installed Android framework backdoor.
The new, more elusive and sophisticated iteration of the virus was embedded into the source code of the system library on Android phones, according to Russian anti-malware company Doctor Web.
It became more dangerous as well, capable of "smuggling" various Trojan modules into the processes of any application; they could steal personal data from bank applications, or intercept correspondence on social media.
Because the new Trojan was installed deep in the system section, it could not be removed with special apps, and the only way to get rid of it was to erase the phone and install clean firmware.
But how did it get to Android devices in the first place? According to Lukasz Siewierski from the Android security and privacy team, Triada was pre-installed during the production process.
He assumed that a vendor using the name Yehuo or Blazefire, which provided additional features to the original manufacturer, had been supplying an infected Android application.
2019.06.10 / 23:56