Kaspersky has discovered a malware named Keenadu that is spreading to numerous devices globally, including in Brazil. Of particular concern is its ability to infect consumers through multiple channels, including pre-installed software.
Keenadu transforms the device into a “robot” that clicks on fake ads to earn money for criminals. Additionally, advanced versions give hackers full control, enabling them to install harmful apps and access sensitive data.
By February 2026, over 13,000 compromised devices had been detected, with Brazil, Russia, Japan, and Germany being among the most impacted nations.

How does Keenadu propagate?
The noteworthy aspect of this situation is the method in which the malware is transmitted. In certain instances, it is already integrated within the tablet or mobile device’s internal system, akin to the previous Triada incident. Consequently, the virus acquires heightened privileges and can potentially infiltrate various data, such as photos, messages, location information, banking details, and even browser activities, even in Google Chrome’s anonymous mode.
Keenadu can be concealed within system apps like facial recognition tools or the device’s home screen app, allowing malware to operate discreetly with elevated permissions and install additional programs unnoticed.

chsyys/Burst
Kaspersky discovered that certain widely-used apps on Google Play, such as smart home camera apps, were infected with a virus. These apps had been downloaded more than 300,000 times before being removed from the store. The virus created hidden browser tabs within the apps, enabling undisclosed browsing and generating deceptive income.
Be cautious when purchasing a new cellphone.
Experts emphasize the risk involved in purchasing devices without Anatel approval, such as those from the “gray market”, which are typically cheaper and imported, potentially lacking proper safety standards or being compromised.
The advice to minimize risk is to regularly update the system, refrain from downloading apps from unofficial sources, and utilize a trustworthy mobile security program. In case of a suspected infection within the device’s internal system, updating the firmware and conducting a thorough scan may be required. If the issue lies with a system application, disabling it could be the only feasible solution.
Source


