Kaspersky researchers have uncovered Keenadu, a sophisticated new Android backdoor that can embed itself directly into device firmware, infecting every app launched on compromised tablets from multiple brands, including Alldocube.

The malware, which grants attackers near-unlimited remote control-including data exfiltration, ad fraud via simulated clicks, and arbitrary permission changes-spreads through supply-chain compromises during firmware builds, OTA updates, or even via apps on Google Play and third-party stores.

Detected on over 13,000 devices worldwide, primarily in regions like Russia, Japan, Germany, and Brazil, Keenadu shares technical similarities with prior threats like Triada and is currently mainly used for monetizing infected devices through advertising fraud.

Users of affected devices are advised to seek clean firmware updates from manufacturers or use security tools for detection and removal, as the infection's deep system-level persistence makes it particularly challenging to eradicate.