
Trojan:AndroidOS/Legana.A


First posted on 21 April 2012.
Source: Microsoft

Aliases:

There are no other names known for Trojan:AndroidOS/Legana.A.

Explanation:

Trojan:AndroidOS/Legana.A is a trojan that affects mobile devices running the Android operating system. It may send information about the affected device to a specific remote server.





Installation

Trojan:AndroidOS/Legana.A is usually bundled with legitimate apps, for example, music players. When the app runs, it loads Trojan:AndroidOS/Legana.A. Usually, Trojan:AndroidOS/Legana.A requires root access. If it does not have root access, it may attempt to exploit vulnerabilities to gain root access. One of the vulnerabilities it has been known to exploit is CVE-2009-1185.



Payload

Steals information

Trojan:AndroidOS/Legana.A steals the following information from the device, and sends it to the server "search.gongfu-android.com" via port 8511:

  • IMEI
  • Internet service provider
  • Mobile device model
  • Mobile device number
  • Operating system APIs
  • Operating system type
  • SD card memory contents
  • SDK version
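
The host name and port above can be used to look for affected devices in network logs. The following is an added example, not part of the original write-up: the CSV log formats, column names and IP addresses are constructed assumptions, and only the host name and port come from this page.

```python
import csv
import io

# Indicators taken from the write-up above.
C2_HOST = "search.gongfu-android.com"
C2_PORT = 8511

# Constructed sample logs (assumed formats, made-up addresses).
DNS_LOG = """\
ts,client,query,answer
2012-04-21T10:00:01,10.0.0.15,Search.Gongfu-Android.com.,203.0.113.7
2012-04-21T10:00:02,10.0.0.22,example.org,198.51.100.4
"""
FLOW_LOG = """\
ts,src,dst,dport,bytes_out
2012-04-21T10:00:03,10.0.0.15,203.0.113.7,8511,48213
2012-04-21T10:00:04,10.0.0.22,198.51.100.4,443,900
2012-04-21T10:05:09,10.0.0.31,203.0.113.7,8511,5120
2012-04-21T10:06:00,10.0.0.22,198.51.100.9,8511,300
"""

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def find_suspect_devices(dns_log, flow_log):
    """Return {client_ip: [reasons]} for devices that looked up the host, or
    sent traffic on the port to an address the host resolved to."""
    hits = {}
    c2_addrs = set()
    for row in csv.DictReader(io.StringIO(dns_log)):
        if normalise(row["query"]) == C2_HOST:
            c2_addrs.add(row["answer"])
            hits.setdefault(row["client"], []).append("dns:" + C2_HOST)
    # Flows carry no host name, so match on the addresses learned from DNS.
    # Port 8511 alone is not treated as a hit (see the last flow row).
    for row in csv.DictReader(io.StringIO(flow_log)):
        if int(row["dport"]) == C2_PORT and row["dst"] in c2_addrs:
            hits.setdefault(row["src"], []).append(
                "flow:%s:%d bytes_out=%s" % (row["dst"], C2_PORT, row["bytes_out"]))
    return hits

if __name__ == "__main__":
    found = find_suspect_devices(DNS_LOG, FLOW_LOG)
    for device, reasons in sorted(found.items()):
        print(device, reasons)
```

A device that appears only in the flow log, such as 10.0.0.31 here, is still reported because the address was learned from another device's DNS lookup.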




Analysis by Jim Wang

Last update 21 April 2012

 
