- Kaspersky found that new Android devices come with Keenadu malware pre-installed
- A firmware variant gives attackers full control over apps, data and searches
- 13,000+ infections detected; victims are advised to replace compromised devices
Be careful where you buy your Android devices – as experts have warned that some come pre-installed with nasty malware that can take over your entire device, snoop on your data, make changes and more.
Researchers from Kaspersky have discovered a brand new malware variant, which they dubbed Keenadu, that acts as a backdoor, with varying degrees of compromise depending on how it is implemented.
What’s worse is that Keenadu is being implemented at the firmware level, which means someone installed it under the OS, before the device was even sold. The experts don’t know how. They’ve also seen it embedded in system apps, deployed through malicious APKs and even in Google Play Store apps, but the variant implemented at the firmware level was by far the most dangerous.
No evidence of exploitation
“In this variant, Keenadu is a fully functional backdoor that gives attackers unlimited control over the victim’s device,” Kaspersky explained.
“It can infect all apps installed on the device, install all apps from APK files and grant them all available permissions. As a result, all information on the device including media, messages, banking information, location, etc. can be compromised. The malware even monitors search queries entered by the user in the Chrome browser in incognito mode.”
Fortunately for the victims, the attackers drive this Ferrari as if it were a Fiat 500, as they primarily use it to get clicks on ads.
So far, Kaspersky has identified around 13,000 infected endpoints, mostly located in Russia, Japan, Germany, Brazil and the Netherlands. If the malware sees that the device’s language or time zone is associated with China, it will not integrate – possibly indicating that the attackers are of Chinese origin.
Furthermore, the malware also stops if the Google Play Store and Play Services are not present on the device, which I assume means that HarmonyOS devices (Huawei hardware) are not targeted.
The malicious Android apps sitting on the Google Play Store were removed in the meantime, but researchers are advising victims to stop using these devices and replace them with clean alternatives.
Via Bleeping Computer



