New Keenadu Android Malware Discovered on Thousands of Devices Globally
Researchers Discover New Android Malware “Keenadu”
Researchers have identified a new Android malware, dubbed Keenadu, which has been found on thousands of devices worldwide. The malware, discovered by Kaspersky, is a backdoor that enables its operators to remotely control compromised devices, with the primary goal of committing ad fraud.
How Keenadu Spreads
Keenadu has been found in the firmware of Android devices from various brands, particularly tablets, and in some cases it appears to have been injected into the firmware during development. The malware has also been distributed through over-the-air (OTA) firmware updates and through various application stores, including Google Play and Xiaomi GetApps, where it was disguised as smart camera apps.
Malware Capabilities
Once installed, Keenadu gives its operators full control of the infected device, allowing them to hijack browser search engines, monetize new app installs, and click on ads. Kaspersky has detected Keenadu malware infections on approximately 13,000 devices, mainly in Russia, Japan, Germany, Brazil, and the Netherlands.
The malware is designed to load a copy of the backdoor into the address space of every app upon launch. In certain firmware builds, Keenadu was integrated directly into critical system utilities, including the facial recognition service and the launcher app.
Connections to Other Botnets
Researchers have found links between Keenadu and several massive botnets, including Triada, Vo1d, and BadBox, which are largely powered by low-cost Android devices. The evidence suggests that Keenadu has Chinese origins, and the connections between these botnets indicate a complex network of malicious activity.
Conclusion
The discovery of Keenadu highlights the ongoing threat of Android malware and the need for users to be vigilant when installing apps and updating their devices. The fact that Keenadu was found in the firmware of various device brands and was distributed through legitimate app stores emphasizes the importance of robust security measures to prevent such malware from spreading.
