Quick Takeaways
-
New Malware Threat: Researchers have identified “Keenadu,” a malware embedded in the firmware of various Android devices, allowing attackers unrestricted remote access to all apps.
-
Supply Chain Compromise: The malware originated from a supply chain attack where malicious code was integrated during firmware development, affecting multiple small device manufacturers.
-
Ad Fraud Operations: Currently, Keenadu enables ad fraud by simulating clicks on advertisements, but it can also take full control of compromised devices, posing significant security risks.
-
Connections to Major Botnets: Keenadu is linked to other major Android botnets (BADBOX, Triada, Vo1d), indicating a coordinated effort among various malware operations, further complicating the cybersecurity landscape.
A Firmware Level Threat
Researchers recently identified a concerning piece of malware embedded in the firmware of various Android devices. Kaspersky, a leading cybersecurity firm, named this malware “Keenadu.” It injects itself into every application on affected systems. Consequently, this gives attackers near-unrestricted remote access to user data. Kaspersky discovered Keenadu while investigating similar firmware-level threats.
The malware originates from a compromised stage in the firmware supply chain. As a result, it integrates itself into the code before the device even reaches the market. Thus, many manufacturers may have been unaware of the risks posed by their devices. As of February, approximately 13,000 Android devices have fallen victim to Keenadu. Most affected users reside in Russia, with others in countries like Japan and Germany. Some users received devices already infected with the malware, while others encountered it through standard over-the-air updates.
Keenadu poses additional dangers through its stealthy distribution methods. Attackers can hide the malware within system apps, including common services like facial recognition tools. Furthermore, it can penetrate modified versions of popular applications available on official platforms. The malware operates as a multi-stage loader, which can hijack browser searches and commit advertising fraud, among other actions. Users may find their devices executing tasks without their knowledge.
Connected to Other Major Android Botnets?
Worryingly, Kaspersky’s investigation linked Keenadu to several other notorious Android botnets, such as BADBOX and Triada. This connection hints at a coordinated effort among some of the largest mobile malware operations. Evidence shows instances where BADBOX deployed Keenadu payloads, emphasizing a growing network of cyber threats.
Kaspersky has stepped forward to help users identify if their devices are infected. If a device came with Keenadu preloaded, replacing the firmware is the only solution. For other cases, users should seek clean replacements for any infected applications or disable them entirely. Users who unknowingly downloaded malicious apps from third-party sources should uninstall them.
The growing prevalence of such threats underscores the necessity for robust security measures. As technology evolves, so do the tactics of cybercriminals, reminding users to remain vigilant in protecting their devices and personal information.
Discover More Technology Insights
Dive deeper into the world of Cryptocurrency and its impact on global finance.
Discover archived knowledge and digital history on the Internet Archive.
CyberRisk-V1
