ID: IRCNE2012041462
Date: 2012-04-08
According to “CNet”, a new variant of a piece of Android malware dubbed LeNa (Legacy Native) has been modified so that it does not require user interaction to take control of a device, mobile security firm Lookout said today.
LeNa has been seen on alternative Android markets and not Google Play, so its spread will be limited to people who risk those exchanges, Lookout said in a blog post. The malware masquerades as a legitimate app, and the latest version can appear as a fully functional copy of the recently released Angry Birds Space, among other apps.
The original version of LeNa relied on the "SU" utility, which meant that only people who had rooted their devices were at risk, according to Lookout, which protects users against the malware.
"We've recently identified a significant update to LeNa that uses the GingerBreak exploit to gain root permissions on a device," said the Lookout blog post. "By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch)."
Both variants communicate with a command and control server and receive instructions to install additional software and push URLs to be displayed in the browser, Lookout said.
The company advises people to be alert for unusual behaviors on their devices, such as strange charges on the bill, unusual SMS or network activity and applications that launch when the device is locked. Users should also check the permissions an app requests to make sure they match with the functionality of the app. And people should only download apps from reputable app stores and consider using services or apps that scan apps for malicious activity.
- 2