Mobile Security series: new Android malware can remotely root the device

Posted April 6, 2012 by Istvan in Mobile
android malware

With Smartphones carrying valuable user information, each time a malware or security issue surfaces, the whole mobile OS system comes under fire. The latest malware information is Android-related: an updated version of a piece of Android malware doesn’t need user interaction for an attacker to root the device, according to a Lookout Mobile Security research.

The malware, LeNa (Legacy Native), was spotted looking like an authentic application last fall by the security research firm, requiring user interaction to unwittingly utilize the SU utility to gain access to the Android mobile handset. The App surfaced in the Android Market (now Google Play) a few times, before it was removed.

Now, a tweaked version of the malware doesn’t require any user interaction; it uses the GingerBreak exploit and gains root permission on Android devices. According to Lookout Tim Wyatt, Lookout’s principal engineer, LeNa hides its exploit in a functional JPEG file, and communicates with a command and control server to install and launch packages without the knowledge of the Android phone’s user.

The malware is hosted by alternative mobile application market places which are blocked by default on Android phones, but the same tweaked version of LeNa has been seen as a disguised version of the popular Angry Birds Space game. We don’t have any information about the malware hitting Google Play, but this scenario could easily become a reality.

Image credit GSM Arena

Via Lookout

About the Author


Istvan is based in Transylvania, the land of Dracula and covers mobile industry news for MobileUsers. You can follow him on Twitter: @hexakuemion


Be the first to comment!

You must be logged in to post a comment.