
How does malware get on our devices? Typically, it comes from suspicious downloads: opening email attachments from unknown senders or downloading APKs from shady websites. But coming preinstalled in the firmware before the devices even go on sale? That’s rare, but it’s also an unfortunate reality, according to researchers who discovered an Android backdoor called Keenadu.
Researchers discover Android backdoor preinstalled on firmware
Researchers at Kaspersky recently discovered an Android backdoor called Keenadu. Backdoors of this type aren’t exactly new. What makes the findings worrying is how the malware got onto devices: it was inserted during the firmware build process. This means that the phones were already infected before they reached users.
Imagine buying a brand-new phone or tablet, only for it to contain malware that could give attackers access to your device the second you turn it on. The researchers say, “The infection occurred during the firmware build phase, where a malicious static library was linked with libandroid_runtime.so. Once active on the device, the malware injected itself into the Zygote process, similarly to [the Triada backdoor]. In several instances, the compromised firmware was delivered with an OTA update.”
They also suggest that this happened due to a supply-chain compromise. “One stage of the firmware supply chain was compromised, leading to the inclusion of a malicious dependency within the source code. Consequently, the vendors may have been unaware that their devices were infected prior to reaching the market.”
To date, the researchers confirm that around 13,000 devices have been infected. They did not disclose which brands or models are affected, but the vendors have been notified. Hopefully, they are already working on a fix to push out clean firmware updates.
Google’s response
So, what can you do if you happen to own a device infected with the Keenadu Android backdoor? Well, it turns out you might not need to do anything. As long as your device is Play Protect certified, you should apparently be protected against it.
This is according to a statement Google released to Android Authority. The Google spokesperson was quoted as saying, “Android users are automatically protected from known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users and disable apps known to exhibit Keenadu-associated behavior, even when those apps come from sources outside of Play. As a best security practice, we recommend users ensure their device is Play Protect certified.”
The post This Android Malware Was Already on Your Device Before You Even Bought It appeared first on Android Headlines.