Pre-installed in device firmware before the devices go on sale, the backdoor primarily affects Russia, Japan and Germany.

On February 17, 2026, Kaspersky published a report on “Keenadu,” a backdoor embedded in the firmware of Android tablets. Researchers identified it on devices from several manufacturers, including the Chinese company Alldocube. Cybercriminals reportedly installed Keenadu on tablets during the firmware development phase, likely through a compromised supply chain.

“Suppliers may not have been aware that their devices were infected before being placed on the market,” the Kaspersky report states. “Keenadu is a fully fledged backdoor that allows attackers to gain near-total control of the device,” the researchers added.

Kaspersky identified more than 13,700 infected Android tablets worldwide. The most affected countries, in descending order, are Russia, Japan, Germany, Brazil and the Netherlands. Attackers primarily used Keenadu for advertising fraud. It enabled them to hijack search engines and app installations, thereby exploiting advertising components to generate revenue.

Kaspersky has not attributed the campaign to a specific actor. However, researchers noted that the backdoor disables itself if the interface language is set to a Chinese dialect or if it detects a Chinese time zone. The only way to remove Keenadu is to reinstall a clean version of the firmware. In some cases, fully replacing the device is “the safest solution.”
