Supply Chain Attack Embeds Malware in Android Devices

• Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.

Article Summaries:

• A new supply‑chain attack has been identified that embeds malicious code into Android devices through the Keenadu distribution channel. The malware silently downloads payloads that hijack users’ web searches, redirecting them to fraudulent sites. It also generates ad‑fraud traffic, inflating click‑through rates for malicious advertisers. The infection operates without user awareness, executing its functions in the background. Security teams are urging Android users and developers to verify the integrity of their app sources and apply the latest security patches to mitigate the threat.

Sources:

• https://www.darkreading.com/mobile-security/supply-chain-attack-embeds-malware-android-devices