Geinimi, Sophisticated New Android Trojan Found in Wild

The Threat:
A new Trojan affecting Android devices has recently emerged in China. Dubbed “Geinimi” based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers. The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

Geinimi is effectively being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.

Lookout has already delivered an update for its Android users to protect them against known instances of the Trojan. If you are already a Lookout user (free or premium), you are protected and no action is needed.

How it Works:
When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes,,, and If it connects, Geinimi transmits collected device information to the remote server.
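
The five-minute check-in described above leaves a regular pattern in connection logs. The following is an added example, not code from Lookout or from the original post, that looks for that pattern per device. The log format, device names and `.example` hosts are constructed, and the tolerance and minimum chain length are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: "timestamp device destination-host". Hosts use the
# reserved .example TLD and are placeholders, not real indicators.
SAMPLE_LOG = """\
2011-01-03T10:00:02 phone-a c2-one.example
2011-01-03T10:02:30 phone-a maps.example
2011-01-03T10:05:01 phone-a c2-two.example
2011-01-03T10:10:03 phone-a c2-one.example
2011-01-03T10:12:47 phone-a news.example
2011-01-03T10:15:02 phone-a c2-three.example
2011-01-03T10:20:01 phone-a c2-two.example
2011-01-03T10:01:10 phone-b news.example
2011-01-03T10:09:30 phone-b cdn.example
2011-01-03T10:31:00 phone-b mail.example
"""

def parse(log):
    """Return {device: [(timestamp, host), ...]} sorted by time."""
    events = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        ts, device, host = line.split()
        events[device].append((datetime.fromisoformat(ts), host))
    return {dev: sorted(rows) for dev, rows in events.items()}

def longest_chain(rows, period, tolerance):
    """Longest run of events spaced ~period seconds apart, skipping other traffic."""
    best = []
    for i, start in enumerate(rows):
        chain = [start]
        for event in rows[i + 1:]:
            gap = (event[0] - chain[-1][0]).total_seconds()
            if abs(gap - period) <= tolerance:
                chain.append(event)
            elif gap > period + tolerance:
                break  # the next check-in was missed; this chain ends
        best = max(best, chain, key=len)
    return best

def find_beacons(log, period=300, tolerance=15, min_events=4):
    """Map each device with a periodic check-in to the hosts it contacted."""
    # Chains span all hosts: each check-in may use a different embedded domain.
    flagged = {}
    for device, rows in parse(log).items():
        chain = longest_chain(rows, period, tolerance)
        if len(chain) >= min_events:
            flagged[device] = sorted({host for _, host in chain})
    return flagged
```

Grouping by device rather than by device and host is what catches a check-in that rotates through several domains; a per-host count would see only one or two hits for each name.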
