Legacy Native Malware in Angry Birds Space to pwn your Android
A new malware threatens phones and tablets running Google’s OS by hiding inside a copy of the popular game. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones.
Under the appearance of a legitimate application, LeNa tricked users into allowing it access to information. “By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch),” Lookout said in ablog post.
In March, another Trojan appeared pretending to be legitimate Chinese game, The Roar of the Pharaoh. The malicious app appeared on the Google Play store, stealing users’ data and money by sending SMS messages to premium-rate numbers without the owner’s knowledge.
One binary exploits the GingerBreak vulnerability to drop and launch the second, an updated version of LeNa. This payload communicates with a remote Command and Control server and accepts instructions to install additional packages and push URLs to be displayed in the browser.
The malware connects to remote servers in order to send sensitive phone information and to install malicious software on the infected handset. The new LeNa seems like a fully functional copy of popular apps, like “Angry Birds Space,” and, according to Lookout, “hides its malicious payload in the string of code at the end of an otherwise genuine JPEG file.”
Well ! Before you download any app, check the permissions it requests, if you’re uncomfortable with the amount of access to your phone an app wants, don’t download it. For now, Android users who are only downloading apps from Google Play (Android Market) are safe. The new version of LeNa has been spotted on third-party Chinese app websites.