Check Point Software Hacker Noon profile picture

@checkpointCheck Point Software

Welcome to the Future of Cyber Security. Providing solutions across all vectors to prevent 5th generation cyber attacks.

Research by: Aviran Hazum, Alex Shamshur, Raman Ladutska, Ohad Mana, Israel Wernik


Now more than ever, we rely on our smartphones to keep in touch with our work, our families and the world around us. There are over 3.5 billion smartphone users worldwide, and it is estimated that over 85% of those devices – around 3 billion – run the Android OS. Therefore, it is no surprise that criminals and threat actors are actively targeting this vast user base for their own malicious purposes, from trying to steal users’ data and credentials, to planting moneymaking malware, spyware or ransomware, and more.

However, from the threat actors’ perspective, gaining a foothold on victims’ mobiles is an evolving challenge, because the built-in security features on some phones, and the controlled access to official app stores such as Google Play do offer a measure of protection to users. This means that would-be attackers have to develop new and innovative mobile infection vectors, and use and refine new skills and techniques to bypass security protections and place malicious apps in official app stores.

Check Point Research (CPR) recently encountered a mastermind’s network of Android mobile malware development on the dark net. This discovery piqued our interest, as it was extraordinary, even by dark net standards. CPR researchers decided to dig deeper to learn more about the threat actor behind the network, his products, and the business model behind malicious targeting of Android mobile devices.

Deep dive: Journey into the Dark Web

We tracked the activity of the threat actor, who goes by the nickname Triangulum, in several Darknet forums.

“Triangulum” in Latin means “triangle” and the term is commonly used in relation to the Triangulum galaxy which is a spiral galaxy located in the Triangulum constellation.

Just like the Triangulum galaxy, it is hard to spot the traces of the Triangulum actor. But once you do spot him, he’s relatively easy to follow.




: Triangulum™


: triangulum_10 | crook_62


: [email protected]


: Triang#9504

Alternate identities

: Magicroot

Alleged origin

: Indian


: High level of social skills combined with a math background in trigonometry, integration and differentiation


: Approximately 25 years old

Personal details:


Continue reading: