Keenadu malware is a significant cyber threat targeting Android devices, identified by SophosLabs analysts in late February 2026. This malware operates as a firmware-level backdoor embedded within the libandroid_runtime.so library, enabling attackers to take full control of infected devices. By injecting itself into the Zygote process, which serves as the parent for all Android applications, Keenadu ensures its presence across all apps on the compromised device. The payload can function as a downloader for various malicious modules aimed at extracting data from applications or facilitating ad fraud.
Indicators of Compromise (35)