Key Takeaways
1. Keenadu Malware: A new malware named Keenadu can be pre-installed on Android devices and can infiltrate OTA upgrade packages.
2. Device Access Risks: The malware can give attackers full access to system data and personal files and let them install apps without user consent; it is primarily used for ad fraud.
3. Limited Activation: Keenadu does not activate in Chinese time zones or if the Google Play Store is absent, hinting at its origins.
4. Affected Devices: The malware has been detected on various devices, including the Alldocube iPlay 50 Mini Pro, with over 13,000 victims reported mainly in Japan, Russia, the Netherlands, Germany, and Brazil.
5. Recommended Action: If affected, users should consider replacing their device with one from a reputable manufacturer, as the malware embeds deeply in the firmware, making removal difficult.
Courtesy of diligent security experts, unaware users can frequently learn about security vulnerabilities hiding in their smart gadgets. A team from Kaspersky Labs has uncovered new malware that, surprisingly, can sometimes be pre-installed on contemporary Android devices.
What is Keenadu?
Named Keenadu, this advanced malware can infiltrate OTA upgrade packages, allowing it to sneak into the firmware of compromised devices. It can also find its way onto devices through dubious unofficial app installers and, on occasion, even through the legitimate Google Play Store.
The Threat it Poses
This malware is not to be taken lightly; it can potentially grant full device access to those with malicious intent. According to Kaspersky, this includes access to system data, personal files, and sensitive information, as well as the ability to install applications without the user’s approval. Curiously, it seems the malware has only been used so far for ad fraud.
Some of the apps that Kaspersky found to be infected are shown in the image below:
Origins and Implications
Regarding the malware’s origins, there is no solid information available. Researchers discovered that it does not activate if it detects a Chinese time zone or location, or if the Play Store is absent from the device. While we are not making any assertions, it’s worth noting that the Google Play Store does not function in China.
The malware was detected in various devices, including the Alldocube iPlay 50 Mini Pro. Alldocube is also from China and has previously acknowledged issues with compromised OTA update channels, as reported by BleepingComputer.
Currently, Kaspersky has reported that the “Keenadu” malware has impacted over 13,000 victims, primarily in Japan, Russia, the Netherlands, Germany, and Brazil.
What to Do if Affected
Unfortunately, if a user becomes a victim of such an attack, the most advisable step appears to be replacing the device with one from a more reputable manufacturer. This is because the malware embeds itself so “deeply” in a device’s firmware that it is nearly impossible to eliminate. While acquiring firmware from a different source may be an option, it carries its own risks, such as compatibility issues.