Keenadu malware outbreak on Android devices poses major security threat
Cybersecurity experts report Keenadu malware infecting 13,000+ Android phones, spreading via supply chain and apps. Learn about ad fraud, data risks, and protection tips.
© A. Krivonosov
Cybersecurity experts have detected widespread distribution of the Keenadu malware on new Android devices. According to Kaspersky Lab, the infection was found on approximately 13,000 smartphones, with the highest number of cases in Russia. Incidents were also recorded in Japan, Germany, Brazil, and the Netherlands.
This threat stands out because some devices were infected even before reaching buyers—during the supply chain phase. Analysts believe the malware infiltrated the firmware during device preparation, disguising itself as system components. Keenadu's primary purpose is ad fraud. Infected smartphones are used as bots to automatically generate clicks on advertising links. Experts say such schemes generate multi-million-dollar revenues for criminals.
In practice, this is a highly profitable criminal business, with larger bot networks driving higher income. Yulia Lipatnikova, a cybersecurity business partner at Cloud.ru, noted that profits from a single campaign can reach millions of dollars, easily covering the costs of setting up the scheme.
Keenadu's functionality isn't limited to ads. In some variants, the virus allows full control over the device, enabling the installation of third-party apps, infecting other programs, and stealing personal data. At risk are photos, videos, messages, banking information, and location data. Moreover, the malware can track search queries in Google Chrome, even in incognito mode.
Experts also observed unusual behavior from the virus. Keenadu does not activate if the device is set to a Chinese time zone, has its language set to a Chinese dialect, or lacks Google services.
Beyond supply chain infections, the malware also spread through apps. Previously, infected camera apps were found in the official Google Play store, with over 300,000 downloads combined. These apps have been removed, but users might not have realized that launching them opened hidden browser tabs to interact with advertising elements.
Overall, this incident highlights the risks of relying solely on app store checks. Nikolai Anisenya, head of development at PT MAZE Positive Technologies, pointed out that even official sources can be used to deliver malware, including malicious clones of legitimate apps.