APT / THREAT GROUP
Keenadu
2 aliases
Last seen: May 15, 2026
Intelligence Profile
Keenadu is an Android backdoor that is distributed primarily through pre-infected device firmware, as well as through malicious apps. Its capabilities include full remote control of a victim's device, ad fraud, and browser search hijacking.
Threat Analysis
Keenadu is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning Keenadu
Android devices ship with firmware-level malware
Sophos X-Ops · Mar 18, 2026
Mobile malware evolution in 2025
Securelist (Kaspersky) · Mar 4, 2026
New Keenadu Android Malware Found on Thousands of Devices
SecurityWeek · Feb 18, 2026
New backdoor found in Android tablets targeting users in Russia, Germany and Japan
The Record · Feb 18, 2026
Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
The Hacker News · Feb 17, 2026
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
Securelist (Kaspersky) · Feb 17, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
apk.keenadu, Keenadu
External Intelligence
Malpedia: apk.keenadu
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.