Sophisticated New Android Trojan “Geinimi” Spreading in China

According to mobile security firm Lookout, a sophisticated new Trojan affecting Android devices has emerged in China. Lookout Mobile, fresh off announcing a $19.5 million round of funding last week, said that the Trojan, which it is calling “Geinimi,” can compromise a significant amount of personal data on a user’s phone and send it to remote servers.

In a blog post detailing the discovery, the company writes: “The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.”

What makes the Trojan different from most “standard” mobile malware is that Geinimi is being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed through third-party Chinese Android app markets.

According to Lookout, this is how it works:

When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes widifu.com, udaore.com, frijd.com, islpast.com and piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.
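As an added defender-side example (not code from the article or from Lookout), the following Python sketch runs over a constructed DNS query log and flags clients that resolve one of the C2 domains named above at roughly the five-minute cadence Lookout describes. The log format, client addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Domains the article names as Geinimi command-and-control hosts.
GEINIMI_DOMAINS = {"widifu.com", "udaore.com", "frijd.com", "islpast.com", "piajesj.com"}

# Constructed sample resolver log: "<ISO timestamp> <client> query <name>".
SAMPLE_LOG = """\
2010-12-30T10:00:02 10.0.0.12 query widifu.com
2010-12-30T10:01:15 10.0.0.12 query example.org
2010-12-30T10:05:03 10.0.0.12 query udaore.com
2010-12-30T10:10:01 10.0.0.12 query frijd.com
2010-12-30T10:15:04 10.0.0.12 query widifu.com
2010-12-30T10:07:40 10.0.0.33 query islpast.com
"""

LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")


def parse_log(text):
    """Yield (timestamp, client, name) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3).lower().rstrip(".")


def find_geinimi_beacons(text, period=timedelta(minutes=5),
                         tolerance=timedelta(seconds=30), min_hits=3):
    """Return {client: [timestamps]} for clients whose queries to a known C2 domain
    recur at the reported five-minute cadence (at least min_hits queries in cadence)."""
    hits = defaultdict(list)
    for ts, client, name in parse_log(text):
        if name in GEINIMI_DOMAINS:
            hits[client].append(ts)
    beaconing = {}
    for client, stamps in hits.items():
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        periodic = sum(1 for g in gaps if abs(g - period) <= tolerance)
        # n gaps at the expected period mean n + 1 queries in cadence.
        if periodic + 1 >= min_hits:
            beaconing[client] = stamps
    return beaconing
```

A single resolution of a listed domain is worth triage on its own; the cadence check simply raises confidence that the host is running an installed Geinimi sample rather than, say, a user browsing.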

Lookout says it has only seen Geinimi distributed through third-party Chinese app stores and has not found any apps infected with the Trojan in the official Google Android Market. Google’s Android mobile OS is growing rapidly, with more than 300,000 Android devices being activated every day; however, Android’s openness has turned the Android Market into a breeding ground for malicious applications capable of stealing sensitive user information from mobile phones.

After initial analysis, Lookout researchers have evidence that Geinimi so far has the capability to:

Send location coordinates (fine location)

Send device identifiers (IMEI and IMSI)

Download and prompt the user to install an app

Prompt the user to uninstall an app

Enumerate and send a list of installed apps to the server

Earlier this year, Lookout Mobile’s App Genome project revealed that 29 percent of free applications available in the Android Market were capable of stealing the user’s location at any given point in time, while 8 percent of them could browse through the user’s contact list.

PCs are no longer the dominant form of computing, and threats targeting the smartphone and tablet markets top the list of cyber concerns for 2011, according to several recent reports. Respondents to a 2010 Mobile & Smart Device Security Survey recognize the quickly growing world of connected smart devices and acknowledge that device security problems are not only inevitable, but serious.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.