Keenadu malware compromises Android devices in Brazil
TL;DR
The Keenadu malware affects Android devices in Brazil, infiltrating firmware. It allows total control over infected devices, impacting many users.
The Keenadu malware is affecting Android devices in Brazil by infiltrating the firmware, the essential software embedded in hardware. This malware compromises all installed apps and allows complete control over infected devices, with Brazil being one of the most impacted countries.
According to Kaspersky, Keenadu spreads through compromised firmware images delivered via OTA (over-the-air) updates and also through modified apps from unofficial sources and the Google Play Store. By February 2026, 13,000 infected devices had been confirmed in countries like Russia, Japan, Germany, Brazil, and the Netherlands.
Keenadu is compared to Triada, a malware found in counterfeit Android devices. Its firmware version is not activated if the language or time zone is set to China, and it halts its functions if the Play Store and Google Play Services are not present on the device.
The malware can steal data and perform risky actions on the device. As it resides in the firmware, it cannot be removed with standard Android tools. Kaspersky recommends installing a clean version of the firmware or replacing the device with one from a trusted vendor.
Google stated it has removed compromised apps from the Play Store and that Google Play Protect can disable apps associated with Keenadu. Users are advised to ensure their devices are certified by Play Protect for enhanced security.
Content selected and edited with AI assistance. Original sources referenced above.
