Update, February 17, 2026 (02:35 PM ET): After the publication of the original article below, a Google spokesperson reached out to us with the following statement:
“Android users are automatically protected from known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users and disable apps known to exhibit Keenadu associated behavior, even when those apps come from sources outside of Play. As a best security practice, we recommend users ensure their device is Play Protect certified.”
The Kaspersky research highlighted that the Keenadu malware wasn’t found only in firmware builds, and Google further reassured us that all three malicious apps identified in the report on Google Play have been removed. If you want to double-check that your device is Google Play Protect certified, you can find out how here.
Original article, February 17, 2026 (01:18 PM ET): Worrying as it may be, at least most Android malware spreads through shady apps or dodgy downloads, giving you a semblance of autonomy over whether you get infected by it or not. But security researchers say they’ve found something more unsettling: a backdoor built directly into the firmware of certain Android tablets before they even reached users.