Keenadu Android Backdoor Infects Firmware via Google Play Apps

Keenadu Android Backdoor Infects Firmware via Google Play Apps

First seen 17 Feb 2026, 11:10 UTC SecurelistCybersecuritynewsFeeds2.FeedburnerBleepingcomputerPcmag+19 85% similarity 51.5

Article Content

Browse articles
ThreatCluster

The Keenadu Android backdoor has been identified as a sophisticated threat that infects device firmware during the build stage and spreads through apps on Google Play. This malware enables attackers to gain remote control of victims' devices, similar to the Triada Trojan, by hooking into the Zygote process, affecting all launched applications. Users of Android devices are particularly at risk from this vulnerability.

ThreatCluster AI

Timeline

2025-04-01
Initial report on Triada backdoor's firmware compromise
2026-02-16
Detailed analysis of Keenadu backdoor published
2026-02-17
Cybersecuritynews article published on Keenadu threat

Community

Browse all →