Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
• A new Android backdoor that’s embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky.
• The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase.
• Keenadu has been detected in Alldocube iPlay 50 mini Pro firmware dating back to August 18, 2023.
• In all cases, the backdoor is embedded within tablet firmware, and the firmware files carry valid digital signatures.
• The names of the other vendors were not disclosed.
• “In several instances, the compromised firmware was delivered with an OTA update,” security researcher Dmitry Kalinin said in an exhaustive analysis published today.
Article Summaries:
- A new Android backdoor that’s embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase. Keenadu has been detected in Alldocube iPlay 50 mini Pro firmware dating back to August 18, 2023. In all cases, the backdoor is embedded within tablet firmware, and the firmware files carry valid digital
- Kaspersky has identified a sophisticated Android backdoor, named Keenadu, that is embedded in the firmware of several tablet brands, including Alldocube. The malware is delivered through signed over‑the‑air (OTA) updates, allowing it to remain hidden while still passing authenticity checks. Once installed, Keenadu injects a client module into every app launched, while a server component runs in the privileged system process, enabling remote control, data harvesting, and manipulation of search engines and ad interactions. The backdoor has been linked to 13,715 affected devices worldwide, with the majority of incidents reported in Russia, Japan, Germany, Brazil, and the Netherlands.
Sources: