Keenadu: Android malware that comes preinstalled and can’t be removed by users
Summary
Kaspersky researchers have discovered new Android malware, called Keenadu, that comes preinstalled on devices, embedded in the system firmware. It runs with elevated privileges and is difficult for users to detect or remove using conventional methods. It had affected over 13,000 devices as of February.
IFF Assessment
Preinstalled malware that is difficult to remove is bad for defenders and end users.
Severity
Defender Context
Keenadu highlights the importance of supply chain security and firmware integrity. Defenders should focus on identifying compromised devices, monitoring network traffic for suspicious activity, and educating users about the risks of preinstalled malware. The trend shows growing sophistication in malware distribution, which is moving beyond app stores to directly compromising the device manufacturing process.