Researchers at Kaspersky have analyzed Keenadu, an Android backdoor found preinstalled in device firmware or delivered via OTA updates and malicious apps, which gives operators full remote control and is primarily used for ad fraud. Kaspersky detected roughly 13,000 infections across countries including Russia, Japan, Germany, Brazil, and the Netherlands, and found links between Keenadu and large botnets such as BadBox, Triada, and Vo1d. Malicious apps on Google Play had over 300,000 downloads before removal. #Keenadu #BadBox
Key points
- Keenadu is an Android backdoor embedded in firmware or delivered via OTA updates and app stores.
- The backdoor grants full remote control of infected devices but is mainly used to conduct ad fraud operations.
- Kaspersky observed Keenadu loaded into every app’s address space and integrated into critical system utilities in some firmware builds.
- About 13,000 devices were detected with the malware, concentrated in Russia, Japan, Germany, Brazil, and the Netherlands.
- Keenadu shows links to major Android botnets like BadBox, Triada, and Vo1d and likely has Chinese origins; malicious apps reached over 300,000 downloads on Google Play.
Read More: https://www.securityweek.com/new-keenadu-android-malware-found-on-thousands-of-devices/