New Android Trojan Discovered, Called Geinimi

A new malicious program targeting devices running Google's Android operating system was discovered in China recently. Dubbed “Geinimi,” the Trojan is reportedly one of the most sophisticated pieces of Android malware to date. It is designed to compromise personal data on an affected device by collecting it and sending it to remote servers.

According to a recent post on the Lookout Mobile Security blog, the newly discovered Geinimi Trojan is also the first Android malware to show botnet-like capabilities. “Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone,” the post continues.

The Trojan is being “'grafted' onto repackaged versions of legitimate applications,” which are distributed through third-party Chinese Android app markets. This means that users would have to set their devices to allow the installation of applications from Unknown sources, a practice also known as sideloading. According to the security firm, the affected applications ask for extensive permissions, beyond the set that the unaffected versions request. Games make up most of the apps that carry the Trojan, and only apps available through third-party Chinese app stores are affected, Lookout notes. No app in the Android Market was seen to be compromised by this Trojan.

“The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet,” the blog post continues. According to Lookout, the malware can send data including location coordinates and device identifiers such as the IMEI and IMSI, or prompt the user to download and install an app.
The firm also notes that the Geinimi Trojan includes various techniques that obfuscate its activities, which makes it more sophisticated than other Android malware. “In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted,” the company notes. To stay safe, users are advised to download apps only from trusted sources, check the permissions an application requests, keep an eye on the behavior of the phone, and install a security application.
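As an added illustration of the permission-based check described above (example code, not from the article or from Lookout), the script below diffs the `<uses-permission>` entries of two constructed AndroidManifest.xml fragments, an original app and a repackaged copy, and flags the extra permissions that correspond to the behaviours the article attributes to Geinimi (location, IMEI/IMSI, network traffic to a remote server). The sample manifests and the permission-to-behaviour mapping are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that correspond to the behaviours the article attributes to
# Geinimi: location reporting, device identifiers (IMEI/IMSI) and network
# traffic to a remote server. This mapping is an assumption of this example.
WATCHLIST = {
    "android.permission.ACCESS_FINE_LOCATION": "location reporting",
    "android.permission.ACCESS_COARSE_LOCATION": "location reporting",
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI/IMSI)",
    "android.permission.INTERNET": "network / command-and-control traffic",
}

# Constructed sample manifests (not real apps): a legitimate game and a
# repackaged copy of it that declares additional permissions.
ORIGINAL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

REPACKAGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""


def permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get("{%s}name" % ANDROID_NS) for el in root.iter("uses-permission"))
    return {n for n in names if n}


def excess_permissions(original_xml, candidate_xml):
    """Permissions the candidate requests beyond the original, each mapped to
    the watchlist reason, or 'unexpected' when it is not on the watchlist."""
    extra = permissions(candidate_xml) - permissions(original_xml)
    return {p: WATCHLIST.get(p, "unexpected") for p in sorted(extra)}


if __name__ == "__main__":
    for perm, why in excess_permissions(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST).items():
        print(perm, "->", why)
```

Any permission in the output that is not on the watchlist is still worth a look: a repackaged app has no legitimate reason to request more than the original did.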