New Android Malware Infects 13,000 Devices Through Supply Chain Attack

Kaspersky finds "Keenadu" malware in Android firmware, affecting 13,000 devices worldwide and linked to major botnets.

By Content Team

Feb 18, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Kaspersky discovered "Keenadu" malware embedded in Android device firmware from multiple small manufacturers, affecting 13,000 devices globally as of February. The malware infiltrates every app on infected devices through Android's core Zygote process, giving attackers complete remote access.

The supply chain attack occurred when compromised firmware reached devices either pre-installed or through legitimate security updates. Russia has the most affected users, followed by Japan, Germany, Brazil, and the Netherlands.

Currently used for ad fraud, Keenadu can hijack browser searches, monitor Chrome queries, and manipulate shopping carts on Amazon, Shein, and Temu. Worryingly, researchers found connections between Keenadu and three major Android botnets: BADBOX, Triada, and Vo1d.

For firmware-level infections, complete firmware replacement is the only solution. Users should stop using infected devices until fixed.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Steal 200 Million Pornhub User Records in Major Data Breach

Dec 18, 2025

Supply Chain Breaches Hit 97% of Companies Globally, New Survey Shows

Nov 20, 2025

Cisco Patches Critical Zero-Day Exploited by Chinese Hackers

Jan 17, 2026

Six Nations Release AI Security Guidelines for Critical Infrastructure

Dec 4, 2025