The purchase of a new smartphone no longer guarantees security. Cybersecurity experts have identified the Keenadu malware on more than 13,000 Android devices. Some devices were infected as early as the production and setup stages.
For cryptocurrency users, such incidents are particularly sensitive, as the malware can gain extensive control over the device and access confidential data.
A virus with system access
Keenadu has, in some cases, been embedded in firmware or system applications. The virus disguises itself as legitimate system components and gains extensive permissions within the device.
According to specialists, the malware can:
gain full control over the device;
infect installed applications;
install programs from APK files;
automatically grant them all permissions.
With such a level of access, the user's confidential data is at risk. This includes photos and videos, personal messages, banking details, and geolocation.
The malware can also track search queries in Google Chrome, including actions in incognito mode.
If cryptocurrency wallets or exchange applications are used on the infected device, such access theoretically puts digital assets at risk of compromise. No direct evidence of targeted cryptocurrency theft has been provided in the identified cases; however, the technical capabilities of the malware allow for such a scenario.
Infection before the sale of devices
The key feature of the incident is the method of infection. Users did not install the virus themselves. The malware was on the devices before they were sold.
This is a supply-chain attack, in which malware is introduced during the development, assembly, or preparation of devices.
Such scenarios include:
infection of components and libraries during software development;
introduction of malware during factory flashing;
compromise of contractors' update servers;
installation of infected firmware during pre-sale setup.
Such attacks are considered particularly dangerous. The user receives a compromised device and cannot influence the moment of infection.
System malware is difficult to detect as it masquerades as legitimate processes. In some cases, even a factory reset does not guarantee complete removal.
Additionally, infected devices can be used in botnets. The main documented purpose of Keenadu is advertising traffic fraud, where smartphones automatically inflate clicks on ads. Specialists also acknowledge that the malware's functionality could be expanded for other tasks.
Security measures for crypto users
In light of such incidents, users of digital assets should pay more attention to device security:
do not store large sums in mobile wallets;
use hardware solutions for long-term storage;
update the system immediately after purchase;
avoid entering seed phrases on a new device;
monitor suspicious activity of applications.
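One way to act on the last point, as an added example that is not from the original article: flag system packages that hold the permissions behind the APK-install and permission-granting capabilities listed earlier and that are missing from a known-good list. The sample command output, the com.example.* package names, and the baseline are constructed assumptions.

```python
import re

# Permissions behind two capabilities the article lists: installing APKs
# silently and granting permissions to other apps.
RISKY = {"android.permission.INSTALL_PACKAGES",
         "android.permission.GRANT_RUNTIME_PERMISSIONS"}

# Constructed sample of `adb shell pm list packages -s -f` output.
PM_LIST = """\
package:/system/priv-app/PackageInstaller/PackageInstaller.apk=com.android.packageinstaller
package:/system/app/Calculator/Calculator.apk=com.example.calculator
package:/system/priv-app/SysHelper/SysHelper.apk=com.example.syshelper
"""

# Constructed excerpts of `adb shell dumpsys package <name>` output.
_BOTH = """    install permissions:
      android.permission.INSTALL_PACKAGES: granted=true
      android.permission.GRANT_RUNTIME_PERMISSIONS: granted=true
"""
DUMPSYS = {
    "com.android.packageinstaller": _BOTH,
    "com.example.calculator": "    install permissions:\n"
        "      android.permission.INSTALL_PACKAGES: granted=false\n",
    "com.example.syshelper": _BOTH,
}

# Assumption: names recorded from a trusted reference image of the same model.
BASELINE = {"com.android.packageinstaller"}

def parse_pm_list(text):
    """Map package name -> APK path; split on the last '=' as paths may contain '='."""
    pkgs = {}
    for line in text.splitlines():
        if line.startswith("package:") and "=" in line:
            path, _, name = line[len("package:"):].rpartition("=")
            pkgs[name.strip()] = path
    return pkgs

def granted_permissions(dumpsys_text):
    """Return the permissions dumpsys reports as granted=true."""
    return set(re.findall(r"^\s*([\w.]+): granted=true", dumpsys_text, re.M))

def audit(pm_list, dumpsys_by_pkg, baseline):
    """List system packages outside the baseline that hold a risky permission."""
    findings = []
    for name, path in sorted(parse_pm_list(pm_list).items()):
        held = granted_permissions(dumpsys_by_pkg.get(name, "")) & RISKY
        if held and name not in baseline:
            findings.append((name, path, sorted(held)))
    return findings
```

This check only surfaces unexpected privileged packages; since the article notes the malware can sit inside legitimate system components, a package on the baseline still needs its APK compared against the reference image.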
The situation with Keenadu shows that the threat can arise even before the smartphone is used. Now that mobile devices have become a key tool for accessing digital assets, the security of firmware and the system becomes part of the overall strategy for protecting funds.
