The recently discovered Android trojan “Triada,” known for granting superuser privileges to other downloaded Trojans, is now embedding itself into at least four browsers in order to intercept URL requests and send users instead to malicious mobile websites, according to Kaspersky Lab.

A Securelist blog post published earlier this week explains that as of mid-March, Kaspersky began noticing that Triada was using Linux debugging tools to embed its Dynamic Link Library into the processes of the standard Android browser, as well as the 360 Secure, Cheetah and Oupeng browsers. Doing so allows the malware to redirect a URL request, in the style of a Man-in-the-Middle attack.

For now, said the blog, the attack appears to be redirecting Android users from a browser's standard home page and search engine page, to a fraudulent version of these pages. “However, there is nothing to stop similar attacks intercepting any URL, including banking URLs, and redirecting users to phishing pages, etc.,” the blog reads.