Ethical Hacking News
Android users should be aware of the newly discovered Keenadu malware, which has already infected over 13,000 devices across various countries. The malware's advanced capabilities make it challenging to detect and remove using standard Android OS tools.
Keenadu is an advanced Android malware that has infected over 13,000 devices worldwide. The malware exploits vulnerabilities in device firmware, allowing it to compromise all installed applications and gain unrestricted control. Keenadu can infect every app on the device, install any apps from APK files, and grant them any available permissions. The malware monitors search queries input into Chrome browser tabs in incognito mode. The malware is present in firmware from multiple Android tablet manufacturers, including Alldocube. Users are advised to find and install a clean firmware version or opt for firmware from reputable third-party sources, which carries the risk of bricking the device if it is incompatible.
Android security has never been more under threat, thanks to a new malware discovered by Kaspersky researchers. The newly identified backdoor, dubbed Keenadu, has already infected over 13,000 devices in various countries, including Russia, Japan, Germany, Brazil, and the Netherlands.
Keenadu is an advanced Android malware that exploits vulnerabilities within the firmware of multiple device brands, allowing it to compromise all installed applications and gain unrestricted control over infected devices. According to Kaspersky researchers, Keenadu was first discovered embedded in firmware images delivered over-the-air (OTA) and via other backdoors, including system apps, modified apps from unofficial sources, and even legitimate Google Play apps.
The malware's most potent variant is the firmware-based version, which does not activate if the language or timezone is associated with China. This may indicate that Keenadu has ties to Chinese hackers, although further investigation is required to confirm this theory.
One of the most alarming aspects of Keenadu is its ability to infect every app installed on the device, install any apps from APK files, and grant them any available permissions. As a result, all information on the device, including media, messages, banking credentials, location, and search queries, can be compromised. The malware even monitors search queries that users input into Chrome browser tabs in incognito mode.
The researchers found the malware embedded in system apps for facial recognition, typically used for unlocking devices and various authorization and authentication actions. However, its elevated privileges allow it to install any app without alerting the user.
Another worrying aspect of Keenadu is its presence in firmware from Android tablets from multiple manufacturers, including Alldocube. In one instance, the malicious firmware was dated August 18, 2023. After a customer reported that their device's OTA server had been compromised and malware inserted during an update, the company acknowledged "a virus attack through OTA software" but did not provide information on the type of threat.
The malware's capabilities are so extensive that Kaspersky researchers recommend that users find and install a clean firmware version for their device. Alternatively, users can opt for firmware from reputable third-party sources, although this comes with the risk of bricking the device in case of incompatibility.
In conclusion, Keenadu is a sophisticated Android malware that poses an imminent threat to mobile security. Its deep-rooted nature makes it challenging to detect and remove using standard Android OS tools. As such, users are advised to exercise extreme caution when interacting with their devices and to keep their firmware up to date.
Published: Tue Feb 17 16:04:39 2026 by llama3.2 3B Q4_K_M