You may want to double-check next time your phone appears to be reading your mind: cybersecurity researchers have uncovered a sophisticated new malware campaign targeting budget Android tablets. These devices were shipped to consumers with a malicious backdoor already embedded deep within the factory firmware.
According to a report released by Kaspersky, malware named “Keenadu” has already been detected on more than 13,700 devices worldwide. The infection is particularly prevalent in Russia, Japan, Germany, Brazil, and the Netherlands.
Unlike traditional malware that requires a user to download a malicious file or click a phishing link, Keenadu is a supply-chain threat. Researchers believe it was integrated into the devices during the firmware build stage, meaning the tablets were compromised before they ever left the factory.
A “Zygote” Infection
Keenadu is uniquely dangerous because of where it lives. It is embedded in a core system library that Android uses to boot and manage applications.
By infecting this “Zygote” process, the malware is automatically loaded into the memory of every single application the user opens. This gives the attackers virtually unrestricted control, allowing them to steal sensitive data, commit ad fraud, and manipulate shopping.
Specifically, attackers can access messages, location, and potentially biometric data, hijack browser search engines, monitor app installs, and stealthily click on ads to generate revenue for themselves.
The developers of Keenadu appear to be operating with a specific geographical focus. The malware contains a “kill switch” designed to avoid detection in its likely home region: it checks the device’s language and time zone, immediately terminating its activity if it detects a Chinese dialect and a Chinese time zone. It also remains dormant on devices that do not have Google Play Services installed.
Written by Clement Saudu