Android users beware: Pre-installed malware can access system data, including private information and banking details

Courtesy of security researchers, unsuspecting customers can often get to know about security exploits lurking inside their smart devices. One such team from Kaspersky Labs has discovered a new malware which, shockingly enough, sometimes comes pre-installed in modern Android devices.
Dubbed Keenadu, this sophisticated piece of malware can infect OTA upgrade packages, thereby sneaking into the firmware of affected devices. It can also reach devices through sketchy unofficial app installers, and sometimes even through the official Google Play Store.
The malware is no joke, and can apparently grant complete device access to actors with ill intent. This includes, as stated by Kaspersky, access to system data including personal files and sensitive information, the ability to install apps without consent, and the like. Interestingly, it also appears that the malware has only been utilized to commit ad fraud so far.
Some of the infected apps that have been discovered by Kaspersky are listed in the following image:

As for the malware's origin, there does not appear to be any concrete information. However, researchers have found that it does not activate if it detects Chinese timezones or location, or if Play Store is not found on the device. While we're not making any claims, we would still like to point out that Google Play Store is non-functional in China.
The malware was found in many devices, one of which was the Alldocube iPlay 50 Mini Pro. Alldocube is also of Chinese origin, and has previously admitted to having suffered from compromised OTA update channels, as pointed out by BleepingComputer.
As of this writing, Kaspersky has stated that the "Keenadu" malware has claimed more than 13,000 victims, with devices mostly from Japan, Russia, the Netherlands, Germany, and Brazil.
Sadly enough, if a user does suffer from such an attack, the best course of action appears to be to replace the device with a new one from a maker of better repute. This is because the malware embeds itself so "deeply" into a device's firmware that it becomes practically impossible to remove. Sourcing firmware from a different provider may work, but that comes with its own risks, such as incompatibility.
Teaser image by Tima Miroshnichenko












