Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

Android Backdoor Pre-Installed On Devices — Thousands Already Infected

  • Kaspersky researchers discovered Keenadu, an Android backdoor embedded in firmware of devices from multiple makers, giving attackers unlimited control over infected devices as of February 2026.
  • Kaspersky says the malware spreads via compromised firmware OTAs, other backdoors, embedded system apps, modified APKs and Google Play; Alldocube acknowledged an OTA server compromise and a malicious August 18, 2023 firmware on the iPlay 50 mini Pro.
  • In its firmware-integrated variant, Keenadu compromises the libandroid_runtime.so core library to operate within every app, silently installs apps, monitors Chrome browser incognito searches, and resists standard Android OS removal tools.
  • Some Google Play apps reached 300,000 downloads before removal, with 13,000 infected devices confirmed by Kaspersky , and researchers advise finding clean firmware or replacing devices while warning of broad data theft risks.
  • Embedding in system apps for facial recognition increases stealth, but malware stops if Google Play Store and Play Services are absent, while researchers compare Keenadu to Triada across multiple device makers and low-cost supply chains.
Insights by Ground AI

16 Articles

ForbesForbes
Center

Android Backdoor Pre-Installed On Devices — Thousands Already Infected

Kaspersky Threat Intelligence has confirmed that a fully functional malware backdoor is being distributed pre-installed on Android devices.

·United States
Read Full Article
PC MagPC Mag
Lean Left

This Preinstalled Android Malware Can Hack Any App You Launch on a Device

Be wary of cheap Android devices. Antivirus provider Kaspersky discovers a new backdoor called 'Keenadu,' which has been circulating as preinstalled firmware on several tablet models.

·United States
Read Full Article
BleepingComputerBleepingComputer
Center

New Keenadu backdoor found in Android firmware, Google Play apps

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices.

Read Full Article
observatorial.comobservatorial.com

They warn about Keenadu, the ‘malware’ preinstalled on some new Android devices for advertising fraud

Cybersecurity experts have warned about Bring ita new ‘malware’ identified on Android devices, Spain being one of the countries with the highest number of detections, which can come pre-installed directly in the ‘firmware’ of the device, be integrated into system applications or downloaded from official stores such as Google Play. Malicious actors use this ‘malware’ […]

Read Full Article
Android AuthorityAndroid Authority

Multiple brands of Android tablets shipped with built-in malware (Updated: Google statement)

TL;DR Researchers found a firmware-level Android backdoor called Keenadu preinstalled on certain tablets before sale. The malware injects into Android’s Zygote process, giving attackers broad control over apps and data on the tablets. Google says that Android users are automatically protected from known versions of this malware by Google Play Protect. Update, February 17, 2026 (02:35 PM ET): After the publication of the original article below, …

Read Full Article
winfuture.dewinfuture.de

Fiery Android Firmware with Back Door Contaminated Devices Ex Factory

A new Android malware called Keenadu nests directly in the tablet firmware. Unnoticed, attackers take control, even in the Google Play Store the malicious code appeared. The removal is almost impossible for laymen. (Continue reading)

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 67% of the sources are Center
67% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

securelist.com broke the news in on Tuesday, February 17, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Google icon

Google

Apps icon

Apps

Cyberattacks icon

Cyberattacks

Android icon

Android

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal