Signal

Kaspersky flags Keenadu Android malware/backdoor tied to preinstalled firmware compromise


Published 2026-02-18 12:14 UTC · Updated 2026-02-18 15:41 UTC
Tags: malware, android, mobile_security, supply_chain, firmware, backdoor
Evidence trail (top sources)
New backdoor found in Android tablets targeting users in Russia, Germany and Japan
The Record (Recorded Future News) · News · therecord.media · 2026-02-18 15:30 UTC
Overview

Multiple outlets are reporting on Kaspersky’s discovery of “Keenadu,” an Android backdoor/malware family that can arrive preinstalled via device firmware—limiting what end users can do to remove it—and that has been observed on thousands of devices across multiple countries. Coverage emphasizes the risk of firmware-level compromise as a supply-chain and device integrity problem rather than a typical “malicious app” scenario.

Entities
Kaspersky, Swimlane, Google, SecurityWeek, Keenadu, Android, Google Play, Nick Tausek
Score total: 1.17
Momentum 24h: 3
Posts: 3
Origins: 3
Source types: 1
Duplicate ratio: 0%
Why now
  • Kaspersky released a report this week describing Keenadu
  • Multiple outlets amplified the finding within the last 24 hours
  • Reporting highlights thousands of affected devices and multi-country targeting
Why it matters
  • Firmware-level malware can be hard for users to remove and may persist across resets
  • Preinstalled compromise shifts risk toward supply chain and device integrity controls
  • Cross-country detections suggest broad exposure beyond a single region
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • Kaspersky reports a previously undocumented Android backdoor dubbed Keenadu that can be built into device core software/firmware and load into apps.
  • Keenadu has been observed affecting thousands of devices across multiple countries, with reporting citing over 13,000 detections as of February.
  • Reporting says Keenadu has been distributed both via preinstallation on devices and via Google Play/other app stores.
How sources frame it
  • CSO Online: neutral
  • SecurityWeek: neutral
  • The Record (Recorded Future News): neutral
All evidence
New Keenadu Android Malware Found on Thousands of Devices
SecurityWeek · securityweek.com · 2026-02-18 15:41 UTC
New backdoor found in Android tablets targeting users in Russia, Germany and Japan
The Record (Recorded Future News) · therecord.media · 2026-02-18 15:30 UTC
Top publishers (this list)
  • SecurityWeek (1)
  • The Record (Recorded Future News) (1)
  • CSO Online (1)
Top origin domains (this list)
  • securityweek.com (1)
  • therecord.media (1)
  • csoonline.com (1)