Android devices compromised by hidden backdoor in official firmware

https://www.computing.co.uk/news/2026/security/android-devices-compromised-by-keenadu-backdoor-hidden-in-official-firmware

Publish Date: 2026-02-18 05:52:00

Source Domain: www.computing.co.uk

Keenadu can bypass Android’s security protections and compromise every application on the device

A new strain of Android malware capable of taking full control of infected devices has been discovered embedded in tablet firmware and distributed through signed over-the-air updates.

Security firm Kaspersky said the malware, dubbed Keenadu, was found inside system software used by multiple device brands.

Because it is integrated into core components of the operating system, the malicious code can bypass Android’s security protections and compromise every application on the device.

Researchers say the most powerful version of Keenadu is built directly into firmware images, meaning some devices may be infected before they reach users.

As of February 2026, Kaspersky had confirmed around 13,000 infected devices, with cases reported in Russia, Germany, Japan, Brazil and the Netherlands.

Firmware-level threat

Unlike typical malicious apps that rely on users granting permissions, the firmware-based Keenadu variant operates inside a core Android system library. This allows it to run within the context of every application on the device.

Kaspersky said the backdoor could install or modify apps without the user’s knowledge; grant those apps any permission available on the device; access messages, photos, banking data and location; and monitor searches typed into the Chrome browser, even in incognito mode.

“Keenadu is a fully functional backdoor that provides the attackers with unlimited control over the victim’s device,” the company said.

Researchers identified several ways the malware spreads, including:

  • Compromised firmware delivered via OTA updates
  • System apps pre-installed on devices
  • Modified apps from unofficial sources
  • Other backdoors
