Android devices ship with firmware-level malware
Summary
Sophos researchers have identified a new Android malware called Keenadu that is embedded at the firmware level. While it grants attackers significant control, its primary use appears to be facilitating ad fraud. This indicates a sophisticated supply chain attack vector where malicious code is pre-installed on devices.
IFF Assessment
Firmware-level malware that is difficult to remove poses a significant threat to users and defenders, because it sits beneath the software layers that conventional security tools inspect and control.
Defender Context
Defenders should be aware that Android devices can arrive with malware pre-installed, even devices from seemingly reputable sources. This calls for rigorous device vetting, supply chain security audits, and user education on recognising suspicious device behaviour or performance issues.
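One concrete form of the device vetting mentioned above is to inventory the packages that ship on a device's read-only firmware partitions and compare them with a baseline taken from a known-good unit of the same model. The script below is an added example written for this brief; it is not code from Sophos or from the Keenadu research, and it does not detect Keenadu specifically. It assumes the input is the output of `adb shell pm list packages -f` (lines of the form `package:<apk path>=<package name>`); the sample listing and the baseline are constructed for illustration, and the partition list (system, system_ext, product, vendor, odm) is an assumption about where firmware-bundled apps live on a typical build.

```shell
#!/bin/sh
# Added example, not from the original brief: flag packages that reside on firmware
# partitions and are missing from a known-good baseline for the same device model.
# Input format assumed: `adb shell pm list packages -f`, e.g.
#   package:/system/app/Foo/Foo.apk=com.example.foo

# Constructed sample listing standing in for real `pm list packages -f` output.
SAMPLE_PM_OUTPUT='package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/product/app/Calendar/Calendar.apk=com.android.calendar
package:/data/app/~~abc==/com.example.userapp-xyz==/base.apk=com.example.userapp
package:/system/priv-app/SvcHelper/SvcHelper.apk=com.example.svchelper
package:/vendor/app/Telemetry/Telemetry.apk=com.example.telemetry'

# Constructed (hypothetical) baseline: package names expected on this model's firmware.
# A real baseline is captured from a vetted reference device of the same model and build.
BASELINE='com.android.settings
com.android.calendar'

# firmware_packages LISTING
# Prints "<partition> <package>" for every entry whose APK lives on a firmware partition.
# User-installed apps under /data are ignored; the package name follows the LAST "="
# because /data paths can themselves contain "=" characters.
firmware_packages() {
  printf '%s\n' "$1" | awk '
    /^package:/ {
      line = substr($0, 9)                 # drop the "package:" prefix
      n = match(line, /=[^=]*$/)           # position of the last "="
      if (n == 0) next
      path = substr(line, 1, n - 1)
      pkg  = substr(line, n + 1)
      if (path ~ /^\/(system|system_ext|product|vendor|odm)\//) {
        split(path, parts, "/")
        print parts[2], pkg
      }
    }'
}

# unexpected_firmware_packages BASELINE LISTING
# Prints the firmware-resident packages that are not in the baseline, one per line.
# Each hit is a candidate for manual review (certificate, permissions, update channel).
unexpected_firmware_packages() {
  baseline=$1
  listing=$2
  firmware_packages "$listing" | while read -r part pkg; do
    printf '%s\n' "$baseline" | grep -qxF -- "$pkg" || printf '%s %s\n' "$part" "$pkg"
  done
}

# Usage against the constructed sample; on a real device replace SAMPLE_PM_OUTPUT with
# "$(adb shell pm list packages -f)" and BASELINE with the model's vetted package list.
unexpected_firmware_packages "$BASELINE" "$SAMPLE_PM_OUTPUT"
```

The two unexpected hits from the sample are the entries on the system and vendor partitions that the baseline does not list; a package in a privileged firmware location that no reference unit carries is exactly the kind of discrepancy that a pre-installed implant would produce, and it warrants inspection before the device is issued.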