The improved version attaches itself to system processes

Oct 25, 2011 11:57 GMT

The recently discovered DroidKungFu, which has been known to target Android systems by cleverly masking itself as a legitimate application, has evolved into LegacyNative (LeNa), a more powerful version of its predecessor.

According to Lookout Security, the applications that plagued the Android Market with the piece of malware were removed, and security solutions should have no trouble identifying it, but that doesn't mean we don't have to keep an eye out for the new mobile threat.

Unlike the previous variant, LeNa searches for rooted devices, and if the smartphone it lands on is not yet rooted, it offers advice on how to root it, to make sure it can accomplish its mission.

It looks as though the improved version of the malware comes disguised as a regular app that usually requires root privileges to function properly. Once those privileges are granted, it starts the infection process in the background, while the user sees the regular app running in the foreground.

The worst thing about LeNa is that it attaches itself to system processes, which makes it harder to detect and to clean.

After it settles on the victim device, it starts communicating with C&C servers, takes full control of the applications, can easily initiate web browser activity, and updates installed binaries.

To make sure you're protected from the piece of malware that most commonly masks itself as a VPN app, don't download any software from third-party markets, as in most cases these will be the hosts for this threat.

F-Secure has also discovered LeNa and identified it as a variant of Trojan:Android/DroidKungFu.C, which it has been detecting since August.

To make sure you're protected from the malicious mobile threat, install a proper anti-virus on your device and double-check the source of a download before setting up any new apps.