{"id":214519,"date":"2026-02-17T09:05:00","date_gmt":"2026-02-17T14:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/new-keenadu-backdoor-found-in-android-firmware-google-play-apps\/"},"modified":"2026-02-17T11:10:11","modified_gmt":"2026-02-17T16:10:11","slug":"new-keenadu-backdoor-found-in-android-firmware-google-play-apps","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/new-keenadu-backdoor-found-in-android-firmware-google-play-apps\/","title":{"rendered":"New Keenadu backdoor found in Android firmware, Google Play apps"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-keenadu-backdoor-found-in-android-firmware-google-play-apps\/\">New Keenadu backdoor found in Android firmware, Google Play apps<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-keenadu-backdoor-found-in-android-firmware-google-play-apps\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-keenadu-backdoor-found-in-android-firmware-google-play-apps\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-17 09:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices.<\/p>\n<p>According to a report from cybersecurity company Kaspersky, Keenadu has multiple distribution mechanisms, including compromised firmware images delivered over-the-air (OTA), via other backdoors, embedded in system apps,\u00a0modified apps from unofficial sources, and even through apps on Google Play.<\/p>\n<p>There are multiple variants of Keenadu, each with its own set of capabilities, the most potent of them being the firmware-based version.<\/p>\n<p> <img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/w\/MCP-Best-Practices-970x250.png\" alt=\"Wiz\" style=\"margin-top: 0px;\"\/><\/p>\n<p>As of February 2026, Kaspersky has confirmed\u00a013,000 infected devices, many located in Russia, Japan, Germany, Brazil, and the Netherlands.<\/p>\n<p>The security researchers compare Keenadu to Triada, another Android malware family they spotted in counterfeit Android devices last year, mostly low-cost\u00a0phones that go through shady supply chain routes.<\/p>\n<p>In its\u00a0firmware-integrated variant, Keenadu does not activate if the language or timezone is associated with China, which may represent a potential clue about its origin. The malware also stops if the Google Play Store and Play Services are not found on the device.<\/p>\n<p>Although its operators are currently focused on ad fraud operations, Kaspersky notes that the malware\u2019s capabilities go far beyond, as it is capable of broad-range data theft and risky actions on the compromised device.<\/p>\n<p style=\"text-align:center\"><img decoding=\"async\" alt=\"Tweet\" height=\"598\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/u\/1220909\/2026\/February\/tweet(3).png\" width=\"606\"\/><\/p>\n<p>\u201cKeenadu is a fully functional backdoor that provides the attackers with unlimited control over the victim\u2019s device,\u201d\u00a0Kaspersky told\u00a0BleepingComputer.<\/p>\n<p>\u201cIt can infect every app installed on the device, install any apps from APK files, and give them any available permissions.\u201d<\/p>\n<p>\u201cAs a result, all information on the device, including media, messages, banking credentials, location, etc. can be compromised. The malware even monitors search&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-keenadu-backdoor-found-in-android-firmware-google-play-apps\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Keenadu backdoor found in Android firmware, Google Play apps https:\/\/www.bleepingcomputer.com\/news\/security\/new-keenadu-backdoor-found-in-android-firmware-google-play-apps\/ Publish Date: 2026-02-17 09:05:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":214520,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/01\/12\/android-eyes.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-214519","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214519"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=214519"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214519\/revisions"}],"predecessor-version":[{"id":214521,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214519\/revisions\/214521"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/214520"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=214519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=214519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=214519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}