Fresh Android Devices Infected With Stealthy Backdoor

Have you thought about how secure your company's digital tools really are? Learn more about the recent surge of Android devices infected with stealthy backdoor malware.

Even Brand-New Devices Aren't Safe

Always buy your Android phones, tablets, and laptops from a reputable, manufacturer-approved source.

Researchers from Kaspersky warn that some devices come preinstalled with malicious software that can take over the operating system, steal your data, alter app settings, and more. The particular malware variant involved in these cases is Keenadu, a type of "backdoor" program that allows easy unauthorized access.

Even more alarming, the researchers found that attackers also deployed Keenadu at the firmware level, meaning it was installed below the OS before manufacturers even released the devices on the market.

Why Is This Type of Malware so Dangerous?

A firmware-level Android malware threat can do more damage than one deployed through a malicious APK, for the following reasons:

  • It's nearly undetectable by traditional antivirus software and endpoint security tools.
  • It may persist through complete system reformatting and hard drive replacements.
  • Infiltrating the firmware layer grants attackers "root-level" access or better.

The Keenadu Android malware infection, in particular, can access every app installed on the infected device, install new apps from APK files, and unlock all permissions. In other words, all media, messages, banking credentials, and other sensitive information become compromised.

Is Your Business Safe?

How can you tell if you have Android devices infected with stealthy backdoor programs? Kaspersky has identified 13,000 infected endpoints so far, with most located in Japan, Germany, Russia, Brazil, and the Netherlands.

The malware first checks the device's language and time zone. If it finds an association with China, it won't integrate, likely because the threat actors are based there.

Some signs you have a preinstalled Android backdoor on new devices include:

  • Unexplained device behavior, such as apps crashing or running unusually slowly
  • Increased data usage without any clear reason
  • Unfamiliar applications installed on the device that you did not authorize
  • Battery draining faster than expected, even with normal usage
  • Suspicious network activity, including connections to unrecognized servers
  • Difficulty in accessing certain settings or applications due to restrictions imposed by malicious software

What To Do Next

Kaspersky has already notified the affected vendors, and they are likely working on releasing clean firmware patches. The cybersecurity specialists recommend deactivating all system apps and not using the infected devices in the meantime.

Android Device Security Risks and Protection

Even if your company doesn't operate in the regions mentioned above, it never hurts to stay cautious. Regularly update devices, use modern antivirus software, and educate employees on cyber threats.

A proactive approach reduces risks and keeps your company better protected from Android devices infected with stealthy backdoor malware.

Used with permission from Article Aggregator