• Researchers at Kaspersky have analyzed a recently discovered Android malware that enables its operators to remotely control compromised devices. Dubbed Keenadu, the backdoor has been found in the firmware of various Android device brands, particularly tablets. While in some cases the malware appears to have been injected into the firmware during development, it has also been delivered to devices via OTA firmware updates. The malware gives its operators full control of the infected device, but it seems to be mainly used for ad fraud.
• Kaspersky researchers have seen Keenadu payloads designed to hijack browser search engines, monetize new app installs, and click on ads. In many cases the malware was preinstalled on devices, but the security firm has also seen it being distributed through various application stores (including Google Play and Xiaomi GetApps) disguised as smart camera apps.
• The fake applications identified by Kaspersky on Google Play were downloaded more than 300,000 times before they were removed. The security firm’s products have detected Keenadu malware infections on roughly 13,000 devices, mainly in Russia, Japan, Germany, Brazil, and the Netherlands.
• “A copy of the backdoor is loaded into the address space of every app upon launch,” Kaspersky explained, adding, “In certain firmware builds, Keenadu was integrated directly into critical system utilities, including the facial recognition service, the launcher app, and others.” The researchers have found links between Keenadu and several massive botnets largely powered by low-cost Android devices, including Triada, Vo1d, and BadBox. As with the other botnets, evidence indicates that Keenadu has Chinese origins. “Several of the largest Android botnets are interacting with one another,” Kaspersky said.
• “Currently, we have confirmed links between Triada, Vo1d, and BadBox, as well as the connection between Keenadu and BadBox.” “It is important to emphasize that these connections a

Article Summaries:

  • Kaspersky researchers have identified a new Android backdoor called Keenadu that lets its operators remotely control infected devices. The malware has been found in the firmware of various Android device brands, particularly tablets; in some cases it appears to have been injected during development, and it has also been delivered via OTA firmware updates. While it grants full device control, operators seem to use it mainly for ad fraud: hijacking browser search engines, monetizing new app installs and clicking on ads. In many cases Keenadu is pre‑installed, but it has also been distributed through app stores, including Google Play and Xiaomi GetApps, disguised as smart camera apps; the fake apps on Google Play were downloaded more than 300,000 times before removal. Kaspersky products detected infections on roughly 13,000 devices, mainly in Russia, Japan, Germany, Brazil and the Netherlands. The malware is linked to other large Android botnets such as Triada, Vo1d and BadBox, and evidence indicates it has Chinese origins.

Sources: