

Ethical Hacking News

Android Backdoor: Keenadu Malware Spreads Ad Fraud Campaign Across Devices




Kaspersky has identified a new Android backdoor, known as Keenadu, that is spreading an ad fraud campaign across devices. The malware was discovered in firmware pre-installed on various Android devices and can grant attackers near-total control of infected devices. With over 13,000 infected devices detected so far, users are advised to take steps to protect their Android devices from this ongoing threat.




  • Keenadu is an Android backdoor that has been pre-installed on various devices, spreading ad fraud across the mobile ecosystem.
  • The malware can be embedded into system apps, firmware, and distributed via official stores like Google Play.
  • Keenadu uses a multi-stage loader design that grants its operators near-total control of infected Android devices.
  • The malware is linked to major Android botnets, including Triada, BADBOX, and Vo1d.
  • Infections have been reported in over 13,000 devices worldwide, with the majority located in Russia, Japan, Germany, Brazil, and the Netherlands.



    In a shocking revelation, cybersecurity experts at Kaspersky have identified an Android backdoor known as Keenadu, which has been pre-installed on various devices. This malware campaign, which has been dubbed the "biggest threat to the mobile ecosystem in years," is designed to spread ad fraud across Android devices.


    The Keenadu backdoor was discovered by Kaspersky researchers, who found that it could be embedded into system apps, firmware, and even distributed via official stores like Google Play. This means that users may not even realize they are infected with malware until their device's performance starts to decline or they receive strange notifications on their screen.


    According to the report, Keenadu uses a multi-stage loader design that grants its operators near-total control of infected Android devices. The malware can take full control of devices, load extra malicious modules from its C2 server, and even deploy spyware or additional droppers. This makes it a formidable threat to users who have fallen victim to the malware campaign.


    Kaspersky researchers found that Keenadu was linked to major Android botnets, including Triada, BADBOX, and Vo1d. These botnets are groups of compromised devices that are controlled by attackers, who can use them to spread malware and conduct other malicious activities.


    The report also reveals that some variants of the Keenadu backdoor rely on a native library to load modules and silently install APKs. This means that users may not even notice their device is infected until it's too late.


    In addition, researchers found that Keenadu was distributed via modified popular apps from unofficial stores and even Google Play, where trojanized smart camera apps with over 300,000 downloads secretly launched the Nova clicker under specific conditions. This highlights the need for users to be cautious when downloading apps from outside official sources.


    As of February 2026, Kaspersky has detected more than 13,000 Android devices infected with Keenadu. The majority of these victims were located in Russia, Japan, Germany, Brazil, and the Netherlands, although infections have been reported in other countries as well.


    The discovery of the Keenadu backdoor serves as a stark reminder of the ongoing threat landscape facing Android device users. With the rise of ad fraud campaigns and malware, it's essential for users to stay vigilant and take steps to protect their devices from falling victim to these types of threats.










    Related Information:
  • https://www.ethicalhackingnews.com/articles/Android-Backdoor-Keenadu-Malware-Spreads-Ad-Fraud-Campaign-Across-Devices-ehn.shtml

  • https://securityaffairs.com/188147/malware/keenadu-backdoor-found-preinstalled-on-android-devices-powers-ad-fraud-campaign.html

  • https://risky.biz/risky-bulletin-supply-chain-attack-plants-backdoor-on-android-tablets/

  • https://www.geeksforgeeks.org/ethical-hacking/what-is-triada-malware/

  • https://massking.substack.com/p/the-persistent-threat-of-triada-malware

  • https://www.malwarebytes.com/blog/news/2025/03/android-botnet-badbox-largely-disrupted

  • https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html

  • https://www.darktrace.com/blog/unmasking-vo1d-inside-darktraces-botnet-detection

  • https://www.forbes.com/sites/alexvakulov/2025/02/28/android-tv-users-beware-vo1d-malware-botnet-now-controls-16m-devices/


  • Published: Thu Feb 19 01:40:05 2026 by llama3.2 3B Q4_K_M












