Cybersecurity firm Kaspersky has uncovered a firmware-level backdoor that has apparently affected thousands of tablets globally.
It’s called Keenadu and was apparently discovered while Kaspersky was investigating a Trojan installed on affordable Android devices called Triada.
Keenadu was apparently created to infiltrate the deepest parts of the operating system without the users knowing. The threat will infect the firmware during the binary build phase.
It is apparently found on Android tablets from many unnamed brands.
The threat is built on a multi-level design, which is detailed by the graph below:
Once effective, the operators are given unrestricted control to affected devices remotely.
It can target browser search engines, perform stealth interactions with advertising, monetize new app installations, and more.
Traces of Keenadu were also found on apps coming from Google Play, Xiaomi GetApps, and more.
The origin of the threat is unknown. However, researchers suspect it came from cybercriminals who gained access to the critical phase of the supply chain.
But, Kaspersky was able to trace it back to Alldocube, a maker of tablets that shares its firmware archives publicly for security vetting.
Kaspersky said that 13,715 users across the globe are affected by Keenadu and one of its modules. Most of these users are from Japan, Russia, Brazil, Germany, and the Netherlands.
To keep you safe, it’s best to make sure you install Android security updates once they are available.