A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices.
According to a report from cybersecurity company Kaspersky, Keenadu has multiple distribution mechanisms: compromised firmware images delivered over-the-air (OTA), delivery via other backdoors, embedding in system apps, modified apps from unofficial sources, and even apps on Google Play.
There are multiple variants of Keenadu, each with its own set of capabilities, the most potent of them being the firmware-based version.
As of February 2026, Kaspersky has confirmed 13,000 infected devices, many located in Russia, Japan, Germany, Brazil, and the Netherlands.
The security researchers compare Keenadu to Triada, another Android malware family they spotted in counterfeit Android devices last year, mostly low-cost phones that go through shady supply chain routes.
In its firmware-integrated variant, Keenadu does not activate if the language or timezone is associated with China, which may be a clue about its origin. The malware also stops if the Google Play Store and Play Services are not found on the device.
Although its operators are currently focused on ad fraud operations, Kaspersky notes that the malware’s capabilities go far beyond that: it is capable of broad-range data theft and risky actions on the compromised device.
“Keenadu is a fully functional backdoor that provides the attackers with unlimited control over the victim’s device,” Kaspersky told BleepingComputer.
“It can infect every app installed on the device, install any apps from APK files, and give them any available permissions.”
“As a result, all information on the device, including media, messages, banking credentials, location, etc. can be compromised. The malware even monitors search queries that the user inputs into the Chrome browser in incognito mode,” the researchers said.