Security researchers have discovered a sophisticated backdoor embedded within the firmware of several Android tablet brands. The malware, which is distributed through official over the air update channels, grants attackers extensive control over infected devices.

Kaspersky, the global cybersecurity company, disclosed the findings. The firm’s analysts identified the backdoor, which they named “Keenadu,” during an investigation into suspicious firmware. The compromise is believed to have occurred during the device firmware build process, before it reaches consumers.

Infection Vector and Affected Devices

The Keenadu backdoor is notable for its method of distribution. Unlike typical malware that relies on user error, this threat is installed via signed system updates. These updates are digitally verified by the device, making them appear legitimate and trustworthy to the security mechanisms.

This method allows the malicious code to be deeply embedded in the device’s core software. Once installed, it operates with high level system privileges. Kaspersky has linked the backdoor to devices sold under various brand names, including Alldocube tablets.

Capabilities of the Keenadu Backdoor

The backdoor possesses a wide range of functions designed for covert surveillance and control. According to the technical analysis, it can silently harvest sensitive user data from the device. This includes the ability to collect files, contact lists, and application information.

Furthermore, Keenadu can receive and execute commands from a remote server. This allows attackers to manipulate the tablet’s behavior after infection. The backdoor is engineered to operate stealthily, avoiding detection by both users and standard security software.

Industry and Expert Reaction

The discovery has raised significant concerns within the mobile security community. The use of a compromised supply chain to distribute malware represents a serious escalation in threat actor tactics. It undermines trust in official software update mechanisms, which are critical for device security.

Security experts emphasize that this incident highlights the risks in the complex global technology supply chain. When firmware is modified at its source, it can bypass most conventional security defenses. End users have few practical ways to identify or prevent such an infection on their own.

Protection and Mitigation Steps

For consumers, direct mitigation options are limited due to the firmware level nature of the threat. Users of potentially affected devices are advised to monitor official communications from their device manufacturer for security patches. Applying any available firmware updates from a trusted source is crucial.

Security researchers recommend practicing general mobile security hygiene. This includes being cautious about the applications installed on a device and the permissions granted to them. Using reputable security software can help detect some secondary malicious activities, even if it cannot remove the core backdoor.

The investigation into the Keenadu backdoor is ongoing. Kaspersky and other security firms are working to identify the full scope of affected device models and brands. Further technical indicators of compromise are expected to be published to aid in detection.

Device manufacturers implicated in the report are likely to conduct internal audits of their firmware build and distribution processes. Regulatory bodies in several jurisdictions may also examine the incident to assess potential breaches of consumer protection or product safety laws. The final resolution for consumers will depend on the release of clean, verified firmware updates from the official vendors.

Source: Kaspersky