Customized Android malware is getting into nonrooted devices and taking them over, and it requires no interaction from the victim to begin its campaign.
The malware is Legacy Native (LeNa) and it poses as a legitimate app to gain unauthorized privileges on Android phones, said researchers at mobile security firm Lookout.
LeNa has long plagued Android users, but in its reworked form, it no longer requires its target phone to be rooted, and can now activate its payload — it connects to remote servers, transmits sensitive phone information and drops more rigged software onto the phone — without any complicity from the end user, Lookout said.
The new Android malware disguises itself in fully functional copies of apps, including “Angry Birds Space,” and hides its malicious payload in the string of code at the end of an otherwise genuine JPEG file, Lookout said. This rogue code exploits the GingerBreak vulnerability, a flaw that enables it to gain control of the phone and trick the victim into purchasing apps from illegitimate app stores.
The risk of downloading LeNa is not currently high; it has not appeared in the Google Play market (formerly the Android App Market) and has been found only in unauthorized, third-party Chinese-language app markets.
As a word of caution, before downloading any app, check the permissions it requests; if you are uncomfortable with the amount of access to your phone an app wants, don’t download it. Review the app, its developer, and its ratings and customer reviews. Check for unusual behavior on your phone that may indicate an infection, and scan the phone bill for any unauthorized texts and charges.