Security alert: new variants of Legacy Native (LeNa) identified

From Botnets.fr

Malware: LeNa
Date: 2012 / April 3, 2012
Editor/Conference: Lookout
Link: http://blog.mylookout.com/blog/2012/04/03/security-alert-new-variants-of-legacy-native-lena-identified/
Author: Tim Wyatt

Abstract

We recently encountered an interesting new variant of our “old friend” Legacy Native (LeNa). LeNa originally masqueraded as a legitimate application and attempted to trick a user into activating its malicious payload by invoking the SU utility, which is used by “rooted” users to selectively grant superuser privileges to applications that request them. After the repackaged application gained root access, it functioned properly, but simultaneously installed a native binary file to the device granting remote control, including the ability to install additional software without any user notification. Because of its dependency on the SU utility to gain root permissions, the pool of users vulnerable to LeNa was inherently limited to those that rooted their devices – a relatively small, albeit technically adept set of users.

Bibtex

 @misc{2012BFR977,
   editor = {Lookout},
   author = {Tim Wyatt},
   title = {Security alert: new variants of Legacy Native (LeNa) identified},
   date = {03},
   month = Apr,
   year = {2012},
   howpublished = {\url{http://blog.mylookout.com/blog/2012/04/03/security-alert-new-variants-of-legacy-native-lena-identified/}},
 }