Security researchers from Dr.web found Trojan preinstalled on several mobile devices, along with Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
Android.Triada families use to embed in system libraries that used in launching applications on mobile devices. Android.Triada.231 that detected by Dr.web doesn’t try to root the phones and to escalate privileges as like other Trojan in the family.
Also Read Google Blocked a new Spyware Family Lipizzan
Trojan once executed use to create a working directory launch it’s parameters and check for the environment it is running. If it is Dalvik environment(discontinued by Google) trojan use to launch attacks immediately after they start. Dr.web published a detailed report.
The major role of Android.Triada.231 is to run silently and to download additional modules. As the Trojans are included within system libraries it is not possible to delete using standard methods.