“A copy of the backdoor is loaded into the address space of every app upon launch,” Kaspersky explained, adding, “In certain firmware builds, Keenadu was integrated directly into critical system utilities, including the facial recognition service, the launcher app, and others.”

The researchers have found links between Keenadu and several massive botnets largely powered by low-cost Android devices, including Triada, Vo1d, and BadBox.

As with the other botnets, evidence indicates that Keenadu has Chinese origins.

“Several of the largest Android botnets are interacting with one another,” Kaspersky said. “Currently, we have confirmed links between Triada, Vo1d, and BadBox, as well as the connection between Keenadu and BadBox.”

“It is important to emphasize that these connections are not necessarily transitive,” the company added. “For example, the fact that both Triada and Keenadu are linked to BadBox does not automatically imply that Triada and Keenadu are directly connected; such a claim would require separate evidence. However, given the current landscape, we would not be surprised if future reports provide the evidence needed to prove the transitivity of these relationships.”

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Source: SecurityWeek