
Keenadu: The Firmware Backdoor That Ships Inside the Box

ID: 0bf5eb13-9661-503d-b322-b39f8b5c8151

STIX ID: report--0bf5eb13-9661-503d-b322-b39f8b5c8151

Feed Name: NoHackie

Threat Score: 92/100

Date Published: 2026-02-18

Date Updated: 2026-04-19


Kaspersky disclosed Keenadu, a firmware-level Android backdoor that is preinstalled at the firmware build stage. It injects into Zygote to compromise every app on affected tablets and persists on the read-only system partition, so removing it requires a full firmware reflash. It uses a dormancy period before retrieving modular payloads from cloud CDNs for ad fraud and silent APK installs. It also shares infrastructure and code ties with major botnets (BADBOX, Triada, Vo1d), indicating a large-scale supply chain threat ecosystem.
