New Keenadu Android Malware Found on Thousands of Devices

Researchers at Kaspersky have analyzed a recently discovered Android malware that enables its operators to remotely control compromised devices.

Dubbed Keenadu, the backdoor has been found in the firmware of various Android device brands, particularly tablets.

While in some cases the malware appears to have been injected into the firmware during development, it has also been delivered to devices via OTA firmware updates.

The malware gives its operators full control of the infected device, but it seems to be mainly used for ad fraud. Kaspersky researchers have seen Keenadu payloads designed to hijack browser search engines, monetize new app installs, and click on ads.

In many cases the malware was preinstalled on devices, but the security firm has also seen it being distributed through various application stores (including Google Play and Xiaomi GetApps) disguised as smart camera apps. The fake applications identified by Kaspersky on Google Play were downloaded more ...