Cybersecuritynews
Keenadu Android Backdoor Infects Firmware via Google Play Apps
First seen 17 Feb 2026, 11:10 UTC
•



+19
•85% similarity
•51.5
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Keenadu Android backdoor has been identified as a sophisticated threat that infects device firmware during the build stage and spreads through apps on Google Play. This malware enables attackers to gain remote control of victims' devices, similar to the Triada Trojan, by hooking into the Zygote process, affecting all launched applications. Users of Android devices are particularly at risk from this vulnerability.
ThreatCluster AI
Timeline
2025-04-01
Initial report on Triada backdoor's firmware compromise
2026-02-16
Detailed analysis of Keenadu backdoor published
2026-02-17
Cybersecuritynews article published on Keenadu threat