What is Keenadu malware and how does it infect Android devices?

Firmware backdoor in libandroid_runtime.so, injected during build for budget phones like BLU and Ulefone. Gains root via Zygote.

Which Android phones have Keenadu malware?

Mostly low-cost: BLU Bold K50, Ulefone Armor 22, DOOGEE, Gionee. Over 50 models, 500+ devices detected.

How to remove Keenadu from my Android phone?

Update firmware from vendor; block apps like PriLauncher.apk. Use Sophos tools or hashes to scan.

🦠 Ransomware & Malware

Budget Android Phones Are Shipping Straight from Factories with Firmware Malware

We all knew cut-rate Android phones cut corners on specs. But shipping them infected with firmware-level malware? That's a supply chain gut-punch that exposes millions.

theAIcatchup Apr 09, 2026 3 min read

Cracked Android phone screen showing malware warning and factory firmware code

⚡ Key Takeaways

Keenadu backdoor is pre-installed in firmware of budget Android phones via supply chain compromise. 𝕏
Targets apps like Shein, YouTube for data theft and ad fraud clickers. 𝕏
Over 500 devices affected globally; update firmware or restrict access immediately. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#Android firmware infection #Android firmware malware #Keenadu backdoor #Keenadu malware #budget Android phones #budget Android security #supply chain attack #supply chain compromise

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Sophos Threat Research

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

36 Fake npm Strapi Plugins Slip Redis and Postgres Backdoors into Dev Pipelines

LiteLLM's PyPI Poison: How Hackers Turned an AI Gateway into a Secret-Scavenger

North Korea's UNC1069 Turns Axios into a Global Backdoor Dropper

LiteLLM's Backdoor Bombshell: How Hackers Hijacked AI's Fast Lane

Stay in the loop