A dangerous new Android backdoor has been found - Keenadu lurks in firmware, here's what we know
Kaspersky finds new backdoor being distributed in brand new Android devices
- Kaspersky found new Android devices come with Keenadu malware preinstalled
- A firmware variant gives attackers full control over apps, data, and searches
- 13,000+ infections detected; victims advised to replace compromised devices
Be careful where you’re buying your Android devices - as experts have warned some come preinstalled with sinister malware that can take over your entire device, snoop on your data, make changes, and more.
Researchers from Kaspersky have discovered a brand new malware variant, which they dubbed Keenadu, operating as a backdoor, with varying degrees of compromise, depending on how it is deployed.
What's worse is that Keenadu is being deployed at firmware level, which means someone installed it below the OS, before the device was even sold on the market. The experts note that they’ve also seen it embedded within system apps, deployed through malicious APKs, and even in apps on the Google Play Store - but the variant deployed at firmware level was, by far, the most dangerous one.
No evidence of exploitation
“In this variant, Keenadu is a fully functional backdoor that provides the attackers with unlimited control over the victim’s device,” Kaspersky explained.
“It can infect every app installed on the device, install any apps from APK files and give them any available permissions. As a result, all information on the device, including media, messages, banking credentials, location, etc. can be compromised. The malware even monitors search queries that the user inputs into the Chrome browser in incognito mode.”
Luckily for the victims, the attackers are driving this Ferrari as if it was a Fiat 500, as they’re using it primarily to get clicks on ads.
So far, Kaspersky has identified around 13,000 infected endpoints, mostly located in Russia, Japan, Germany, Brazil, and the Netherlands. If the malware detects that the device’s language or timezone is associated with China, it will not activate - possibly suggesting the attackers are of Chinese origin.
Furthermore, the malware also stops if the Google Play Store and Play Services are not found on the device which, I presume, means HarmonyOS devices (Huawei hardware) are not being targeted.
The malicious Android apps that were sitting on the Google Play Store were removed in the meantime, but researchers advise victims to stop using these devices and replace them with clean alternatives.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.