Signal

Kaspersky flags “keenadu” android malware embedded via firmware/preinstall path

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-02-17 22:06 UTCUpdated 2026-02-18 15:41 UTC

rss

malwareandroidmobile_securitysupply_chainfirmwarebackdoor

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

New Keenadu Android Malware Found on Thousands of Devices

SecurityWeek · News · securityweek.com · 2026-02-18 15:41 UTC

New backdoor found in Android tablets targeting users in Russia, Germany and Japan

The Record (Recorded Future News) · News · therecord.media · 2026-02-18 15:30 UTC

Keenadu: Android malware that comes preinstalled and can’t be removed by users

CSO Online · News · csoonline.com · 2026-02-18 12:14 UTC

Supply Chain Attack Embeds Malware in Android Devices

Dark Reading · News · darkreading.com · 2026-02-17 22:06 UTC

View all evidence

Overview

Kaspersky has disclosed Keenadu, a preinstalled Android malware that poses significant security risks by compromising devices before users can take action.

Score total

1.42

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

Kaspersky released a report detailing this previously undocumented threat.
Multiple outlets highlighted the implications for supply-chain and firmware integrity.
Current detection counts indicate a significant number of affected devices.

Why it matters

Firmware/preinstall malware can bypass typical defenses against bad apps.
Keenadu's ability to load into apps raises enterprise exposure risk.
The malware's multi-country impact suggests broad distribution channels.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Keenadu can be preinstalled via device firmware, compromising users before they even complete setup.
The malware has been detected on over 13,000 devices in multiple countries.
Keenadu can hijack browser searches and commit ad fraud without user knowledge.

How sources frame it

CSO Online: neutral
SecurityWeek: neutral
Dark Reading: neutral

All evidence

All evidence

New Keenadu Android Malware Found on Thousands of Devices

SecurityWeek · securityweek.com · 2026-02-18 15:41 UTC

New backdoor found in Android tablets targeting users in Russia, Germany and Japan

The Record (Recorded Future News) · therecord.media · 2026-02-18 15:30 UTC

Keenadu: Android malware that comes preinstalled and can’t be removed by users

CSO Online · csoonline.com · 2026-02-18 12:14 UTC

Supply Chain Attack Embeds Malware in Android Devices

Dark Reading · darkreading.com · 2026-02-17 22:06 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

SecurityWeek (1)
The Record (Recorded Future News) (1)
CSO Online (1)
Dark Reading (1)

Top origin domains (this list)

securityweek.com (1)
therecord.media (1)
csoonline.com (1)
darkreading.com (1)