Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Sophisticated New Android Trojan “Geinimi” Spreading in China

“Geinimi” Android Trojan Spreading in China

“Geinimi” Android Trojan Spreading in China

According to mobile security firm Lookout, a new sophisticated Trojan has emerged in China that is affecting Android devices. Lookout Mobile, fresh off announcing a $19.5 Million round of funding last week, said that the Trojan, which it is calling “Geinimi,” can compromise a significant amount of personal data on a user’s phone and send it to remote servers.

Internet TV Hacked

In a blog post detailing the discovery, the company says the mobile malware is “The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.”

 Featured Report (Free) > 2010 Device Integrity Report: U.S. Unprepared for Internet Device Flood

What makes the Trojan different than most “standard” mobile malware is that Geinimi is being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets.

According to Lookout, this is how it works:

When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes widifu.com, udaore.com, frijd.com, islpast.com and piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.

Technical Reading – Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms

Advertisement. Scroll to continue reading.

Lookout says the Geinimi mobile malware has only been seen being distributed via third-party Chinese app stores and has not seen any apps infected with the Geinimi Trojan in the official Google Android Market. Google’s Android mobile OS is rapidly growing with over 300,000 Android devices being activated every day, however, Android’s openness has turned the Android Market into a breeding ground for malicious applications capable of stealing sensitive user information from the mobile phones.

After initial analysis, Lookout researchers have evidence that Geinimi so far has the capability to:

Send location coordinates (fine location)

Send device identifiers (IMEI and IMSI)

Download and prompt the user to install an app

Prompt the user to uninstall an app

Enumerate and send a list of installed apps to the server

Earlier this year Lookout Mobile’s App Genome project revealed that 29 percent of free applications available in the Android Market were capable of stealing user location at any given point of time while 8 percent of them can browse through users’ contact list.

PCs are no longer the dominant form of computing and threats targeting the smartphone and tablet markets top the list of cyber concerns in 2011 according to several recent reports. Respondents to a 2010 Mobile & Smart Device Security Survey recognize the quickly growing world of connected smart devices  and acknowledge that device security problems are not only inevitable, but serious.

Developer Reading – Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.