Security researchers have identified the Keenadu backdoor embedded in the firmware of multiple low-cost Android devices. The malware compromises the core Zygote process via a trojanized shared object library, allowing it to download second-stage modules for ad fraud and potentially exposing corporate credentials on BYOD devices.