Detection and prevention of LeNa Malware on Android

Hwan-Taek Lee1, Minkyu Park2*, and Seong-Je Cho1

 

1Dankook University, Yongin-si, Gyeonggi-do, Republic of Korea
{htlee, sjcho}@dankook.ac.kr

 

2Konkuk University, Chungju-si, Chungcheongbuk-do, Republic of Korea
minkyup@kku.ac.kr


Abstract

Smartphones contain security-sensitive user information such as contacts, SMS, photos, and GPS information. Because smartphones are always turned on and ready to connect to the Internet, that sensitive information is in danger of leakage. Various kinds of malware are increasingly attacking smartphones, especially Android phones. We propose a scheme that protects Android phones against one of them, called LeNa. LeNa infects rooted Android phones and periodically leaks sensitive information from the phone. LeNa also takes control of the system and turns the phone into a zombie that can perform Distributed Denial of Service (DDoS) attacks. The proposed scheme checks whether a process is allowed to execute a requested operation even after the process has acquired the root privilege. This scheme can also protect smartphones from malware targeted at rooted phones.
 

Keywords: LeNa, malware, rooting, Android, root privilege

*: Corresponding author: Minkyu Park
Room 105, Sanghuh research bldg., Department of Computer Engineering, Konkuk University,
268 Chungwon-daero, Chungju-si, Chungcheongbuk-do, 380-701, Republic of Korea,
Tel: +82-(0)43-840-3559

 

Journal of Internet Services and Information Security (JISIS), 3(3/4): 63-71, November 2013