Android users and Angry Birds addicts, be warned. A new malware threatens phones and tablets running Google’s OS by hiding inside a copy of the popular game. And it can wreak havoc even without user intervention.
Mobile security firm Lookout said the malware is a new variant of the “Legacy Native (LeNa)” malware, which uses the “GingerBreak” exploit to attack.
“By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch),” Lookout said in a blog post.
The malware hides in some apps, including a fully functional copy of the recently released – and immensely popular – Angry Birds Space.
“The authors are undoubtedly hoping to capitalize on the latest release from this popular franchise to increase uptake on distribution,” Lookout said.
It added that as of now, LeNa is not believed to have been in the Google Play market (formerly Android Market).
Lookout said LeNa originally masqueraded as a legitimate application and tried to trick a user into activating its malicious payload by invoking the SU (super-user) utility.
The SU utility is used by “rooted” users to selectively grant privileges to applications that request them.
Once the app gained root access, it functioned properly but also installed a binary file to the device granting remote control – including the ability to install additional software without any user notification.
At the time, the pool of users vulnerable to LeNA was relatively small since it depended on root access to run.
How it works
The new variant of LeNa hides its payload just past the “End of Image” marker of an otherwise fully-functional JPEG image file.
“As in its predecessor, this payload communicates with a remote Command and Control server and accepts instructions to install additional packages and push URLs to be displayed in the browser,” Lookout said.
At this time, LeNa’s CC seems to be focusing on pushing a single package to the device: com.the9.gamechannel, a Chinese-language alternative market that publishes Android games.
This package is installed without the user’s knowledge and subsequently launched.
“While it shares much of the same functionality as any mobile application store, this alternate market has not been designed to mimic the official Google Play market,” Lookout said.
Staying safe
Lookout advised Android users to be alert for unusual behaviors on their phones, which could indicate infection.
These behaviors may include strange charges to one’s phone bill, unusual SMS or network activity, or application activities that launch when the device is locked.
“Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides and remember to look at the developer name, reviews and star ratings,” it said.
“Only download apps from trusted sources, such as reputable app stores and download sites. Download a mobile security app for your phone that scans every app you download to ensure it’s safe. Lookout users automatically receive protection against this Trojan,” it added. — TJD, GMA News
Article source: http://ph.news.yahoo.com/malware-hides-angry-birds-space-104007921.html
View full post on National Cyber Security » Virus/Malware/Worms
