Geinimi, Sophisticated New Android Trojan Found in Wild

The Threat:
A new Trojan affecting Android devices has recently emerged in China. Dubbed “Geinimi” based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers. The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

Geinimi is effectively being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.

Lookout has already delivered an update for its Android users to protect them against known instances of the Trojan. If you are already a Lookout user (free or premium), you are protected and no action is needed.

How it Works:
When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server. Continue reading …

Related Posts

Mozilla to kill Sponsored Tiles program in Firefox The Mozilla foundation, which is responsible for the Firefox Web browser, has announced that the Sponsored Tiles program, which placed ads in Firefox ...
ROSA Desktop 2012 roadmap approved The roadmap for ROSA Desktop 2012 has been approved. ROSA Linux is a line of Linux distributions published by ROSA Laboratory, a Linux solutions provi...
Aeromobil: It’s a car and it can fly The video I'm posting in this article has been out since March, but it's never too late to post an article on something like this. It's about Aeromobi...
New USB Type-C cable connectors will be reversible In the future, you will be able to connect any USB cable to a USB port without worrying whether the connector is facing "up" or "down." In other words...
Plasma Media Center 1.1 and digiKam 3.3 Plasma Media Center 1.1 was released today August 20, while digiKam 3.3 was released on August 6. Plasma Media Center is a promising media center appl...
Ubuntu Edge: Is there life after an unsuccessful crowd-funding campaign? At exactly 1:59 a.m. (CST) this early Thursday morning, Canonical's attempt to raise US$32 million directly from end-users via a crowd-funding campaig...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).


One Comment

  1. Pingback: Tweets that mention Geinimi, Sophisticated New Android Trojan Found in Wild -- Topsy.com

Leave a Comment

Your email address will not be published. Required fields are marked *

*