What happened
Researchers at Kaspersky discovered malware called Keenadu embedded in Android firmware, system apps, and apps distributed through Google Play, enabling attackers to gain persistent control over infected devices. The malware was found in firmware on devices such as the Alldocube iPlay 50 mini Pro, where compromised OTA infrastructure delivered malicious updates, and in smart home camera apps that accumulated over 300,000 downloads before removal. Keenadu can steal messages, credentials, media, and location data while installing additional applications with elevated permissions.
Who is affected
Android users running compromised firmware or infected applications distributed through Google Play are affected, as Keenadu enables attackers to access device data and control application behavior.
Why CISOs should care
Firmware-level malware and compromised official app distribution channels highlight supply chain risks that allow attackers to persist on mobile devices and access sensitive enterprise and personal data.
3 practical actions
- Audit affected Android devices. Identify systems running compromised firmware or malicious applications associated with Keenadu.
- Replace compromised firmware. Install clean firmware versions from trusted vendors to remove embedded malware.
- Review mobile app installations. Remove affected applications and investigate devices showing signs of unauthorized privilege escalation.
