Android users may be aware of the DroidKungFu malware that has plagued Android devices earlier this year. The bad news is that it has evolved and a new variant of malware has surfaced and is called LeNa. This malware was identified by Lookout Security and has been found on the Android Market, although it looks like Google has been quick to remove the affected apps, but still this is something Android users should probably keep an eye out for. Check below for the press release by Lookout Security.
Unlike its predecessors, LeNa does not come with an exploit to root the device, rather it requests privileged access on a pre-rooted device. On un-rooted devices, it offers “helpful” instructions on how to root the phone. In some samples, LeNa is re-packaged into apps (a VPN management tool, for instance) that could conceivably require root privileges to function properly. Other samples attempt to convince the user that root access is required to update. Once the user grants LeNa with root privileges, it starts its infection process in the background, while performing the advertised application tasks in the foreground.
Once on a user’s device, the Trojan takes a different tactic than previously seen to infect and launch the malware. LeNa hides itself inside an application that is native to the device (an ELF Binary). This is the first time an Android Trojan has relied fully on a native ELF binary as opposed to a typical VM-based Android application. In essence LeNa trojanizes the phone’s system processes, latching itself onto an application that is native to the device and critical to making the phone function properly.
Just like with all your Android apps (iOS included), we understand sometimes the Android Market may not offer the apps that you’re looking for, especially if you’ve rooted your device and you’re looking for something a little more exciting and out of the ordinary, but usually the avoidance of third party app stores which seem dubious is a great way to keep your Android device malware free.