Multiple brands of Android tablets shipped with built-in malware
Source: Android Authority
TL;DR
- Researchers found a firmware‑level Android backdoor called Keenadu preinstalled on certain tablets before sale.
- The malware injects into Android’s Zygote process, giving attackers broad control over apps and data on the tablets.
- The issue appears limited to lesser‑known tablet brands; affected users should install updates immediately.
Background
Most Android malware spreads through shady apps or dodgy downloads, allowing users some control over infection risk. However, security researchers have discovered a more unsettling threat: a backdoor built directly into the firmware of certain Android tablets before they even reach users.
Technical Details
- Keenadu is a firmware‑level backdoor uncovered by Kaspersky researchers.
- It injects itself into the Zygote process, the core system component that launches every app on an Android device.
- Once active, the backdoor can:
- Download additional modules.
- Redirect browser searches.
- Track app installations for profit.
- Interact with advertising elements.
Operating at this level gives the malware far more reach than a typical malicious app.
Affected Devices
The researchers identified the backdoor in firmware images for the Alldocube iPlay 50 mini Pro tablet. Every examined version, including releases issued after the vendor acknowledged malware reports, contained the backdoor. The firmware files carried valid digital signatures, indicating a supply‑chain compromise rather than post‑release tampering.
Impact and Distribution
- Kaspersky reports 13,715 users worldwide have encountered Keenadu or its modules.
- Highest infection numbers are in Russia, Japan, Germany, Brazil, and the Netherlands.
- The threat is linked to other Android botnet families, such as Triada, BadBox, and Vo1d.
The issue does not appear to affect major flagship Android brands. Most affected vendors have not been publicly named.
Recommendations
- If you own a budget Android tablet—especially from a smaller or unfamiliar brand—regularly check for software updates and install them as soon as they become available.
- Vendors have been notified and are expected to release clean firmware updates.