ISLAMABAD: A global cybersecurity company has warned Pakistanis that the company has detected a new malware for Android devices, which is infecting every application installed on these devices.
According to a report issued by the Kaspersky on Wednesday, the malware is distributed in multiple forms – it can be preinstalled directly into devices’ firmware, embedded within system apps, or even downloaded from official app stores such as Google Play. Currently Keenadu (malware) is used for ad fraud, with attackers using infected devices as bots to deliver link clicks on ads, but it can also be used for malicious purposes, with some variants even allowing full control of the victim’s device.
As of February 2026, Kaspersky mobile security solutions detected over 13,000 devices infected with Keenadu, the report said.
Similar to the Triada backdoor that Kaspersky detected in 2025, some versions of Keenadu are integrated into the firmware of several models of Android tablets at one of the supply chain stages. In this variant, Keenadu is a fully functional backdoor that provides the attackers with unlimited control over the victim’s device. It can infect every app installed on the device, install any apps from APK files and give them any available permission.
As a result, all information on the device, including media, messages, banking credentials, location, etc. can be compromised. The malware even monitors search queries that the user inputs into the Chrome browser in incognito mode.
When integrated into the firmware, the malware behaves differently depending on several factors.
Kaspersky experts also discovered that several apps distributed on Google Play are infected with Keenadu. These are apps for smart home cameras, and they’ve been downloaded over 300,000 times. As of the time of publication, these apps have been removed from Google Play, the report added.
Copyright Business Recorder, 2026