Hidden Malware Infects Android Tablets Globally

Newly discovered Android malware, named Keenadu, has been preinstalled on several Android tablet models, enabling it to compromise any mobile application launched on the device. Antivirus provider Kaspersky detected this backdoor malware on over 13,000 devices across Europe, Japan, Brazil, and other regions.

The malware's presence in the tablets' firmware suggests a supply chain compromise. Keenadu provides attackers with extensive control over affected devices, allowing it to infect all installed applications, install new ones from APK files, and gain any necessary permissions.

This dangerous backdoor poses a risk to all data on a device, including media, credentials, and location information. It even monitors search queries made in incognito mode. Removal is challenging because the malware loads from the device's firmware, which stores essential boot configuration settings.

Kaspersky noted that the malware has also appeared on the Google Play Store via third-party apps, though these have been removed. Interestingly, Keenadu does not activate if the device's language is a Chinese dialect or if it's set to a Chinese time zone. The research highlights the risks associated with purchasing inexpensive Android devices from unknown brands.