
"Researchers at Kaspersky have analyzed a recently discovered Android malware that enables its operators to remotely control compromised devices. Dubbed Keenadu, the backdoor has been found in the firmware of various Android device brands, particularly tablets. While in some cases the malware appears to have been injected into the firmware during development, it has also been delivered to devices via OTA firmware updates."
"The malware gives its operators full control of the infected device, but it seems to be mainly used for ad fraud. Kaspersky researchers have seen Keenadu payloads designed to hijack browser search engines, monetize new app installs, and click on ads. In many cases the malware was preinstalled on devices, but the security firm has also seen it being distributed through various application stores (including Google Play and Xiaomi GetApps) disguised as smart camera apps."
Keenadu is an Android backdoor found preinstalled in device firmware and also delivered via OTA updates and app stores. The backdoor grants operators full remote control and is primarily used for ad fraud: hijacking browser search engines, monetizing new app installs, and automating ad clicks. The malware has been distributed both preinstalled in firmware and as disguised apps, including fake smart camera apps that achieved over 300,000 downloads before removal. Roughly 13,000 infected devices were detected, mainly in Russia, Japan, Germany, Brazil, and the Netherlands. A copy of the backdoor is loaded into every app's address space, and in some firmware builds it is integrated into critical system utilities. Evidence links Keenadu to the Triada, Vo1d, and BadBox botnets and indicates Chinese origins.
Read at SecurityWeek