Trojan:Unix/Legana.A
First posted on 21 April 2012.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Unix/Legana.A.
Explanation:
Trojan:Unix/Legana.A is loaded by Trojan:AndroidOS/Legana.A. The trojan performs certain actions based on instructions it receives from specific servers.
Installation
When Trojan:AndroidOS/Legana.A runs, it decrypts Trojan:Unix/Legana.A.
Payload
Trojan:Unix/Legana.A connects to the following servers using port 8511 to receive instructions:
- search.gongfu-android.com
- search.zi18.com
- search.zs169.com
The instructions include, but are not limited to, the following:
- Opening the browser to a specific webpage
- Downloading and installing other malware into "/data/t<random string>.apk"
- Executing specific applications
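A triage sketch for the indicators listed above, added here as an example and not part of the original entry: it flags devices that contact one of the three servers on port 8511 and ranks them higher when a file matching "/data/t<random string>.apk" appears shortly afterwards. The log format, the 600-second window, the verdict labels and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators taken from the entry above.
C2_HOSTS = {"search.gongfu-android.com", "search.zi18.com", "search.zs169.com"}
C2_PORT = 8511
# "/data/t<random string>.apk": the random part's alphabet is not stated,
# so any run of non-slash characters is accepted (assumption).
DROP_PATH = re.compile(r"^/data/t[^/]+\.apk$")

# Constructed sample telemetry in a hypothetical "epoch device kind detail" format.
SAMPLE_EVENTS = """\
1335000000 dev-01 conn search.gongfu-android.com:8511
1335000042 dev-01 file /data/tq8Zk1.apk
1335000100 dev-02 conn search.zi18.com:443
1335000150 dev-02 file /data/app/com.example.apk
1335000200 dev-03 conn SEARCH.ZS169.COM.:8511
1335000300 dev-04 file /data/tmpx.apk
"""

def normalize_host(host):
    """Lower-case and drop the trailing root dot so FQDN variants compare equal."""
    return host.strip().lower().rstrip(".")

def parse_events(text):
    """Yield (timestamp, device, kind, detail); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2], parts[3]

def triage(text, window=600):
    """Map each flagged device to 'c2+drop', 'c2-only' or 'drop-path-only'."""
    c2_seen, drops = defaultdict(list), defaultdict(list)
    for ts, dev, kind, detail in parse_events(text):
        if kind == "conn":
            host, _, port = detail.rpartition(":")
            if port.isdigit() and int(port) == C2_PORT and normalize_host(host) in C2_HOSTS:
                c2_seen[dev].append(ts)
        elif kind == "file" and DROP_PATH.match(detail):
            drops[dev].append(ts)
    verdicts = {}
    for dev in set(c2_seen) | set(drops):
        # Strongest signal: a matching APK written within `window` seconds after C2 contact.
        if any(0 <= d - c <= window for c in c2_seen[dev] for d in drops[dev]):
            verdicts[dev] = "c2+drop"
        else:
            verdicts[dev] = "c2-only" if c2_seen[dev] else "drop-path-only"
    return verdicts
```

The path pattern alone is a weak signal (the constructed `/data/tmpx.apk` matches it), which is why it is reported separately from the network indicator.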
Analysis by Jim Wang
Last update 21 April 2012