
Sophisticated New Android Trojan “Geinimi” Spreading in China

According to mobile security firm Lookout, a new, sophisticated Trojan affecting Android devices has emerged in China. Lookout Mobile, fresh off announcing a $19.5 million round of funding last week, said that the Trojan, which it is calling “Geinimi,” can compromise a significant amount of personal data on a user’s phone and send it to remote servers.

In a blog post detailing the discovery, the company says the mobile malware is “The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.”

What makes the Trojan different from most “standard” mobile malware is that Geinimi is being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed through third-party Chinese Android app markets.

According to Lookout, this is how it works:

When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes widifu.com, udaore.com, frijd.com, islpast.com and piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.
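The callback behaviour Lookout describes (a fixed set of embedded domains, contacted every five minutes) is what a defender can hunt for in DNS logs. The following is an added example, not code from the article or from Lookout: it scans constructed DNS query lines for the domains named above and flags clients whose queries to them recur at roughly 300-second intervals. The log format, client addresses and timestamps are assumptions made up for the example.

```python
"""Added example (not from the article or Lookout): flag Geinimi-style
beaconing in DNS logs using the domains and 5-minute interval the text gives."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# The subset of Geinimi's embedded C2 domains that the article names.
GEINIMI_DOMAINS = {"widifu.com", "udaore.com", "frijd.com", "islpast.com", "piajesj.com"}

# Constructed sample log lines (assumed format: "<ISO time> <client> <queried name>").
# 10.0.0.7 beacons to listed domains every ~5 minutes; 10.0.0.8 is benign.
SAMPLE_LOG = """\
2011-01-03T10:00:02 10.0.0.7 widifu.com
2011-01-03T10:00:09 10.0.0.8 example.org
2011-01-03T10:05:01 10.0.0.7 udaore.com
2011-01-03T10:10:04 10.0.0.7 frijd.com
2011-01-03T10:15:02 10.0.0.7 widifu.com
2011-01-03T10:11:30 10.0.0.8 update.example.net
"""

def parse(log_text):
    """Yield (timestamp, client, name) for each non-empty log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, name = line.split()
        yield datetime.fromisoformat(ts), client, name.lower().rstrip(".")

def known_c2_hits(log_text):
    """Map client -> sorted timestamps of its queries for listed domains."""
    hits = defaultdict(list)
    for ts, client, name in parse(log_text):
        if name in GEINIMI_DOMAINS:
            hits[client].append(ts)
    return {client: sorted(stamps) for client, stamps in hits.items()}

def is_periodic(timestamps, period_s=300, tolerance_s=30, min_events=3):
    """True when the gaps between consecutive hits cluster around period_s."""
    if len(timestamps) < min_events:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    return abs(median(gaps) - period_s) <= tolerance_s

def flag_beaconing_clients(log_text):
    """Clients that query a listed domain AND do so at ~5-minute intervals."""
    return sorted(c for c, ts in known_c2_hits(log_text).items() if is_periodic(ts))

if __name__ == "__main__":
    print(flag_beaconing_clients(SAMPLE_LOG))  # ['10.0.0.7']
```

Matching only on the five published domains misses the other five embedded names, so the periodicity check is what lets the same logic catch callbacks to domains not yet on a blocklist once you widen the candidate set.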

Lookout says it has only seen Geinimi distributed via third-party Chinese app stores and has not seen any apps infected with the Trojan in the official Google Android Market. Google’s Android mobile OS is growing rapidly, with over 300,000 Android devices being activated every day; however, Android’s openness has turned the Android Market into a breeding ground for malicious applications capable of stealing sensitive user information from mobile phones.

After initial analysis, Lookout researchers have evidence that Geinimi so far has the capability to:

Send location coordinates (fine location)

Send device identifiers (IMEI and IMSI)

Download and prompt the user to install an app

Prompt the user to uninstall an app

Enumerate and send a list of installed apps to the server

Earlier this year Lookout Mobile’s App Genome project revealed that 29 percent of free applications available in the Android Market were capable of reading the user’s location at any given point in time, while 8 percent of them could browse through users’ contact lists.

PCs are no longer the dominant form of computing, and threats targeting the smartphone and tablet markets top the list of cyber concerns for 2011, according to several recent reports. Respondents to a 2010 Mobile & Smart Device Security Survey recognize the quickly growing world of connected smart devices and acknowledge that device security problems are not only inevitable, but serious.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
