Keenadu: Android malware that comes preinstalled and can’t be removed by users

Embedded in core system apps: Keenadu can control legitimate system applications on affected devices. Kaspersky observed it inside critical components such as face unlock applications, raising the possibility that attackers could access biometric data. The malware was also found operating within the home screen app that controls the device’s primary interface.

The researchers warned that the backdoor provides attackers with extensive control over the device. Keenadu can infect other installed apps, install additional software from APK files, and grant those apps any permission available on the system. This enables compromise of sensitive data stored on the device, including media files, messages, banking credentials, and location information.

The malware can also monitor search queries in the Chrome browser, even when users operate in incognito mode.

Other ways of infection: Kaspersky noted that Keenadu’s distribution is not limited to preinstalled system components. In some cases, the malware has also been observed embedded within applications distributed through Android app stores, where it can be delivered as a seemingly harmless download and activated after installation. Most of these apps are for smart home cameras, and they’ve been downloaded over 300,000 times, the researchers said, adding that all of those were removed as of the time of the disclosure.

Tausek says mitigation has to start earlier than “detect and remove.” “The way forward is to pair hard baselines like OTA governance and EMM policies with AI-driven prevention and containment that spots the behavioral fingerprints of backdoors before they turn into lateral movement,” he said. “AI models can continuously correlate mobile telemetry with identity, endpoint, and network signals to flag high-risk devices in real time and trigger automated guardrails like device isolation or the revocation of sessions and tokens.”

Kaspersky’s recommendations included checking for firmware updates if the device is infected, running a device scan with a “reliable” security solution, and stopping the use of or disabling the application if an infection is suspected.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4133774/keenadu-android-malware-that-comes-preinstalled-and-cant-be-removed-by-users.html
