April 4, SecurityNewsDaily – (International) Updated Android malware can take over your phone. A customized variant of Android malware is now worming its way onto nonrooted devices and taking them over, and the weapon requires no interaction from the victim to begin its campaign. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones. LeNa has long plagued Android users, Lookout said, but in its reworked form, it no longer requires its target phone to be rooted, and can now activate its payload — it connects to remote servers, transmits sensitive phone information, and drops more rigged software onto the phone — without any complicity from the end user. The new Android malware disguises itself in fully functional copies of apps, including ―Angry Birds Space,∥ and hides its malicious payload in the string of code at the end of an otherwise genuine JPEG file, Lookout said. This rogue code exploits the GingerBreak vulnerability, a flaw that enables it to gain control of the phone and trick the victim into purchasing apps from illegitimate app stores.
Ali Loney, on April 04, 2012