Dangerous new Keenadu malware found pre-installed on cheap Android phones and tablets — how to stay safe
Hidden firmware backdoor discovered by researchers
Most Android malware is spread through dodgy apps and sideloaded programs, meaning that you have some control over what gets on your device. However, researchers at Kaspersky have discovered a new Android backdoor, dubbed Keenadu, that is embedded in the firmware of tablets from several manufacturers.
The new report indicates that Keenadu can be distributed via compromised firmware images, through other backdoors, embedded in system apps, in modified apps from third-party sources or even through the Google Play Store.
The firmware version is the most potent and has infected more than 13,000 devices, mostly in Russia, Japan, Germany, Brazil and the Netherlands. Keenadu apparently does not activate if the language or time zone is associated with China, which is a potential clue as to its origin.
How it works
Kaspersky researchers noted that it's mostly being used for fraudulent ads, but that its capabilities go far beyond that. It can inject itself into the Android "Zygote" process, a core system process that launches every app on your device.
This means it can give bad actors broad control and visibility over your system.
"Keenadu is a fully functional backdoor that provides the attackers with unlimited control over the victim's device," Kaspersky told BleepingComputer. "It can infect every app installed on the device, install any apps from APK files, and give them any available permissions."
The researchers also found the malware in several apps that were available on the Google Play Store, including a smart home camera app that had over 300,000 downloads.
In a confirmed example, firmware images on the Alldocube iPlay 50 mini Pro tablet were compromised, including in tablets released after the vendor was informed of the malware. The firmware has valid signatures, meaning that it's a supply-chain issue where malicious code was injected during software development or even the manufacturing process.
Here's the silver lining: if you have one of the best tablets from a flagship brand like OnePlus or Samsung, you likely won't be affected by this malware. However, lesser-known Android manufacturers or knock-off ones seem to be more dangerous, and not all affected vendors have been named. This is quite similar to how malware was found on millions of budget Android TV boxes last year.
How to stay safe
If you have a budget Android tablet, especially from a smaller or knock-off brand, it's worth checking for software updates. You can also try installing fresh firmware from a reliable third party. Kaspersky did say that vendors have been notified and hopefully are working on clean firmware updates.
Beyond that, it may be safer to invest in a tablet from a trusted manufacturer. We can help you with choices of the best tablets under $500 and the best Android tablets overall.
A Google spokesperson told Android Authority that "Android users are automatically protected from known versions of this malware by Google Play Protect." The spokesperson added that Play Protect will warn you and disable apps known to exhibit Keenadu behavior.
Google Play Protect is on by default, but if you want an extra layer of protection, you can run one of the best Android antivirus apps alongside it for scanning and defending your tablet or phone.
Scott Younker is the West Coast Reporter at Tom's Guide. He covers all the latest tech news. He's been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest to use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him. He also handles all the Connections coverage on Tom's Guide and has been playing the addictive NYT game since it released.