DEV Community

Mark0

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

Researchers have discovered a sophisticated Android backdoor named Keenadu that compromises devices at the firmware level. A malicious static library is linked into libandroid_runtime.so when the firmware is built, so the backdoor ships inside the system image rather than as an installable app. Because Zygote loads that library and then forks every application process from itself, the injected code runs inside every app launched on the device, with that app's permissions. Android's app sandbox and permission model assume the system image is trustworthy, so this supply chain compromise sidesteps both and gives the attackers near-complete control over the affected hardware.
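A practical way to test whether a system library like libandroid_runtime.so has had extra code linked into it is to compare it against the same library from a known-good copy of the same firmware build: hash both first, and when the hashes differ, compare their ELF section tables to see where the growth is. The script below is an added example written for this post; it is not tooling from the researchers or from any project named in the article. It parses ELF64 little-endian section headers by hand (the arm64 Android case), diffs the section sizes of a baseline and a suspect file, and, so that it runs offline, fabricates two minimal ELF images itself (the section names and sizes in `example_findings` are constructed, not taken from a real sample). On a real device you would `adb pull /system/lib64/libandroid_runtime.so` into the suspect path and take the baseline from the vendor's clean image for the identical build number; a different build, or a different vendor patch level, will also show size differences, so a mismatch is a reason to dig further, not proof of compromise.

```python
"""Compare the section tables of two ELF64 shared objects.

Added example (not from the original article or the research it summarises).
Handles only ELF64 little-endian files, which covers arm64 Android libraries.
"""
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes
SHT_PROGBITS = 1
SHT_STRTAB = 3


def parse_sections(data: bytes) -> dict:
    """Return {section name: size in bytes} for an ELF64 LE image held in memory."""
    (ident, _type, _mach, _ver, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, _phnum, shentsize, shnum, shstrndx) = EHDR.unpack_from(data, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not an ELF64 little-endian file")
    if shentsize != SHDR.size or shnum == 0:
        raise ValueError("unexpected or missing section header table")
    headers = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    # Section names are offsets into the .shstrtab section selected by e_shstrndx.
    str_off, str_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    sections = {}
    for name_off, _sh_type, _flags, _addr, _off, size, *_ in headers[1:]:  # skip SHN_UNDEF
        end = strtab.index(b"\0", name_off)
        sections[strtab[name_off:end].decode()] = size
    return sections


def diff_sections(baseline: dict, suspect: dict) -> list:
    """List sections that were added, removed, or changed size relative to the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(suspect)):
        if name not in baseline:
            findings.append(f"added section {name} ({suspect[name]} bytes)")
        elif name not in suspect:
            findings.append(f"missing section {name}")
        elif baseline[name] != suspect[name]:
            findings.append(f"{name}: {baseline[name]} -> {suspect[name]} bytes")
    return findings


def build_elf(sections: list) -> bytes:
    """Construct a minimal ELF64 arm64 shared object with the given [(name, size), ...].

    Only here to keep the example self-contained; real analysis reads the
    library pulled from the device and the vendor's clean image.
    """
    names = [n for n, _ in sections] + [".shstrtab"]
    strtab, name_off = b"\0", {}
    for n in names:
        name_off[n] = len(strtab)
        strtab += n.encode() + b"\0"
    shnum = len(names) + 1                 # plus the mandatory null section
    shoff = EHDR.size + len(strtab)        # layout: ehdr | .shstrtab data | shdrs | bodies
    data_off = shoff + shnum * SHDR.size
    shdrs, body = [bytes(SHDR.size)], b""  # index 0 is SHN_UNDEF
    for n, size in sections:
        shdrs.append(SHDR.pack(name_off[n], SHT_PROGBITS, 0, 0, data_off + len(body), size, 0, 0, 1, 0))
        body += bytes(size)
    shdrs.append(SHDR.pack(name_off[".shstrtab"], SHT_STRTAB, 0, 0, EHDR.size, len(strtab), 0, 0, 1, 0))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    ehdr = EHDR.pack(ident, 3, 0xB7, 1, 0, 0, shoff, 0, EHDR.size, 0, 0, SHDR.size, shnum, shnum - 1)
    return ehdr + strtab + b"".join(shdrs) + body


def example_findings() -> list:
    """Diff a constructed clean library against a constructed tampered one."""
    clean = build_elf([(".text", 4096), (".rodata", 512), (".data", 64)])
    # Constructed tampering: .text grew by 7000 bytes and an extra section appeared.
    tampered = build_elf([(".text", 11096), (".rodata", 512), (".data", 64), (".extra", 32)])
    return diff_sections(parse_sections(clean), parse_sections(tampered))


if __name__ == "__main__":
    for line in example_findings():
        print(line)
```

The two file paths a real run would use (the pulled library and the vendor baseline) are the only things to substitute; everything else stays the same. Treat an added section or a large jump in `.text`, `.rodata` or `.data` between two copies of the same build as a strong signal that code was linked in, and confirm with the vendor rather than with this script alone.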

The investigation revealed that Keenadu is part of a larger ecosystem of Android threats, with technical links to the Triada, BADBOX, and Vo1d botnets. It is currently used for ad fraud, search hijacking in Chrome, and paid app installs, but its architecture also allows more invasive actions such as credential theft. Because the backdoor lives in the system image, uninstalling apps does not remove it; security experts recommend checking for an official firmware update from the vendor or, failing that, disabling the infected system components via ADB to reduce the risk.
