New Keenadu backdoor found in Android firmware, Google Play apps

• Keenadu: sophisticated Android malware embedded in firmware across multiple device brands. • Distributes via OTA firmware, system apps, unofficial sources, and Google Play apps. • Firmware-based variant most powerful, infects all installed apps, unlimited device control. • 13,000 infected devices confirmed, spread across Russia, Japan, Germany, Brazil, Netherlands. • Stops in China language/timezone or if Google Play/Play Services missing, hinting origin. • Operators focus on ad fraud, but malware can steal data, install apps, grant permissions. • Comparable to Triada malware found in counterfeit low‑cost phones. • Kaspersky warns all device data-media, messages, banking credentials-can be compromised.

Article Summaries:

• A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. According to a report from cybersecurity company Kaspersky, Keenadu has multiple distribution mechanisms, including compromised firmware images delivered over-the-air (OTA), via other backdoors, embedded in system apps, modified apps from unofficial sources, and even through apps on Google Play. There are multiple variants of Keenadu, each with its own set of

Sources:

• https://www.bleepingcomputer.com/news/security/new-keenadu-backdoor-found-in-android-firmware-google-play-apps/