Researchers Uncover Hidden Backdoor in Firmware
Scientists confirm: This is the most effective way to get your cat’s attention, according to new research
Elderly Couple Refuses Reserved Seats—Viral Train Standoff Sparks Fiery Debate on Courtesy
Discovery of a Stealthy Firmware Backdoor
While most Android malware spreads through suspicious apps and sideloads, Kaspersky researchers have identified a new threat named Keenadu, embedded directly in the firmware of various tablet brands.
The recent study shows that Keenadu can enter devices via compromised firmware images, other backdoors, or even through system apps altered from third-party sources, including the Google Play Store.
This firmware-based malware has already affected over 13,000 devices, predominantly in Russia, Japan, Germany, Brazil, and the Netherlands. Notably, Keenadu does not trigger if the device settings are in Chinese, hinting at a possible origin for the malware.
Why You Should Never Reheat These Foods in the Microwave – The Hidden Dangers Experts Warn About
I tried the top 5 guard dogs—here’s what makes these breeds the ultimate protectors
Operating Mechanism of the Malware
Primarily used for generating fraudulent ad revenue, Keenadu’s capabilities extend much further. It integrates into the Android “Zygote” process, which is fundamental for launching apps, thereby granting malevolent actors extensive access and control over the system.
“Keenadu is a fully functional backdoor that allows attackers complete control over the infected device,” Kaspersky explained to BleepingComputer. “It can manipulate all installed apps, install new apps from APK files, and assign them any permissions.”
Additionally, the malware was detected in several applications on the Google Play Store, including a popular smart home camera app with over 300,000 downloads. In one verified instance, firmware images on the Alldocube iPlay 50 mini Pro tablet remained compromised even after the manufacturer was notified, indicating a supply-chain issue where the malware was inserted during the software development or manufacturing process.
Guidelines for Protection
Owners of budget Android tablets, particularly from lesser-known brands, should check for and install software updates. Installing trusted third-party firmware might also be a viable security measure. Kaspersky has informed vendors, who are hopefully working on rectifying the compromised firmware.
Investing in tablets from reputable manufacturers might be safer. For recommendations, you can check guides for the best tablets under $500 and the best overall Android tablets.
A representative from Google informed Android Authority that Google Play Protect automatically shields users from recognized versions of this malware. Play Protect actively disables apps known to exhibit Keenadu-like behavior. Although Google Play Protect is automatically enabled, using a top-tier Android antivirus program can provide an additional layer of security.
Stay updated by following Tom’s Guide on Google News and adding us as a preferred source to receive the latest news, reviews, and analysis directly in your feed.
Similar Posts
- Google Play Store Alert: 200 Malicious Apps Downloaded 42 Million Times: Learn How to Avoid Them!
- Amazon Appstore Closing Tomorrow: Here’s What You Need to Do Right Now!
- Android 16 Unveiled: Release Schedule, Compatible Smartphones, and Update Insights
- “You’ve Been Filmed!”: A Terrifying Virus Activates Your Webcam And Fuels A Wave Of Sexual Blackmail
- Android and iOS Face New Rival: Major Competitor Enters Smartphone Arena
Tobias Nguyen covers mobile technology and social media trends. He combines a background in digital marketing with a passion for emerging tech to provide readers with data-driven insights and practical tech usage tips.