Once inside the “victim”, he imposes his code on all applications installed in it, while changing the algorithm of their work. To detect this “illegal” and even more so to remove is very difficult, because he is perfectly trained by his creators to the methods of IT-conspiracy.
Triada mainly parasitizes on the template process of all applications for Android – Zygote. “Saddled” it, the virus becomes part of the template. Earlier such a scheme of penetration was considered unlikely. Everything speaks for the fact that cybercriminals of the highest qualification are involved in the creation of the virus. Evidence of this is its unique invisibility and inaccessibility.
The creators of the virus gave it a modular structure, due to which, they got the opportunity for a maneuver, constantly expanding and changing its functionality.
Triada is currently an effective means for intercepting money when purchasing additional content in licensed applications.
The main extraction of the virus is payment SMS. Intercepting messages, the virus filters and modifies them in such a way that as a result, money is not in the seller, but in the account of the attacker.