ISLAMABAD: Cybersecurity firm Kaspersky has identified a new Android malware strain, dubbed “Keenadu,” which has been found embedded in brand-new devices, system applications and even apps distributed through official platforms.
According to Kaspersky, the malware is currently being used primarily for advertising fraud, turning infected smartphones and tablets into bots that generate fraudulent ad clicks. However, some variants reportedly allow attackers extensive control over compromised devices.
As of February 2026, Kaspersky’s mobile security solutions had detected more than 13,000 infected devices.
Malware hidden at firmware level
Kaspersky said certain versions of Keenadu are integrated directly into device firmware during stages of the supply chain. In such cases, the malware functions as a backdoor capable of installing apps from APK files, granting permissions and infecting other applications on the device.
The company warned that sensitive data — including media files, messages, banking credentials and location information — could be exposed. Some variants reportedly monitor search queries entered into Chrome’s incognito mode.
The malware’s activation depends on specific conditions. It does not operate if the device language is set to a Chinese dialect and the time zone corresponds to China. It also requires Google Play Store and Google Play Services to be installed.
Embedded in system and Google Play apps
When embedded within system apps rather than firmware, Keenadu’s capabilities are more limited but still significant due to elevated system privileges. Kaspersky reported discovering the malware inside a facial recognition unlocking app and, in some instances, within the device’s launcher app.
The firm also identified several smart home camera apps on Google Play that were infected with Keenadu. These applications had collectively surpassed 300,000 downloads before being removed from the store.
Dmitry Kalinin, a security researcher at Kaspersky, said preinstalled malware remains a growing concern for Android users. He noted that devices can be compromised “right out of the box” without user interaction, and supply chain compromises may occur without vendors’ knowledge if malware mimics legitimate system components.
User advisory
Kaspersky recommends installing reliable mobile security solutions to detect such threats. If a system app is found to be infected, users are advised to stop using it and disable it. In cases where the default launcher is compromised, switching to a third-party launcher may help mitigate risks.
The company emphasized the importance of rigorous security checks throughout device production stages to prevent firmware-level infections.
