Uncategorized

New Android Trojan Found

41

trojan_horse_400pxJust when you thought it was safe to run around installing any apk you can get your hands on. Mobile security team Lookout is reporting a new trojan that is making the rounds, dubbed “Geinimi”. It’s essentially being “grafted” on to legitimate applications, mainly games, and distributed into third party App stores. So far, it has only been downloaded from applications hosted by Chinese App Markets.

Unfortunately, from the information gathered so far, Lookout isn’t entirely sure what this trojan is capable of once it has made its way onto a users device, and say the possibilities range from creating “a malicious ad-network to an attempt to create an Android botnet”. What they do know is that it can collect a device’s unique identifiers such as the IMEI and IMSI and every five minutes it will attempt to connect to one of several domains:

  • We do not recommend going to these domains, they are only here for informational purposes!
  • widifu . com
  • udaore . com
  • frijd . com
  • islpast . com
  • piajesj . com
  • We do not recommend going to these domains, they are only here for informational purposes!

If a connection is successful it transmits the information it has gathered.

Through Lookout’s analysis of the trojan it has gathered the following capabilities:

  • Send location coordinates
  • Send device identifiers
  • Download and prompt a user to install an app
  • Prompt a user to uninstall an app
  • Enumerate and send a list of installed apps to the server

While the infected files seem to be contained to the Chinese market for now, we can all take this as a refresher that no device is 100% safe from these types of threats and a small amount of common sense and intuition can prevent a lot of headache.

[via Lookout | Read on All Things Digital. | Thanks, anon]

Tyler Miller

Motorola “XOOM”? Yes. LTE? No.

Previous article

EVO 4G Shift Accessories Arriving at Best Buy

Next article

You may also like

41 Comments

  1. Chinese App Store. The safest place to download apps.

  2. Thanks for the warning about these rogue Android app sites.

    Best regards
    John Nielsen

  3. You guys use Trojan too loosely. This is just spyware.

  4. Damn Chinese

  5. Smart phones from all manufacturers are the next target for hackers. Malware protection right now is circa 1995, and people need to use common sense. I’d never load anything that isn’t in the Market, and even that doesn’t guarantee safety.

  6. Damn so you mean to tell me I shouldn’t download apps from shady 3rd party Chinese websites anymore? Whatever shall I do :-D

  7. Spyware can be a Trojan but typically the term Trojan is used to describe more malicious things like viruses or worms (which fall in the category of Malware, just like Spyware). Trojans are basically any type of unwanted addition that find its way on to a system having been delivered via means the user perceived as safe.

  8. Asian hackers going for round 2 of hacking Google, this time only in.. Android? Lol, glad I got lookout on my phone now, I can only trust BlackDroid so much.

  9. Pfft, I knew smartphones were next, that’s why I don’t have one.
    Hackers try to get their hands on everything.

  10. @GPL, My linux boxes have no malware protection, but sticking to the market is a good idea.

  11. There’s a few different anti-virus apps on the market, can you post an article covering what each has to offer? Might be a good time to reflect on what makes a good anti-virus app.

  12. @Jamerson do you know what a trojan is? it is a type of spyware that gets it’s way onto your sytem by acting as something else… i think downloading something you think is an app that has other “features” counts as a trojan…

    refer to the trojan horse for an example.

  13. While spyware is not good, I think calling it a trojan is exaggerating. Tons of apps are spying on us. It almost seems like lookout is trying to scare people into using their product.

  14. this is not twue, china is best place for downloading tings

  15. Most of the antivirus software in the market slows the phone down to a crawl. Or they cost too much.

  16. Haha I guess we all should go get the iphone now ;)

  17. they don’t actually do anything do they?

  18. Lookout does not slow your phone down unless you have an older or cheaply made phone. And Lookout is free. An ounce of prevention and some common sense. Not everything you read is a conspiracy.

  19. @Steve, but you aren’t side loading programs from shady web sites either. If the sites offering these would open source them so we could examine the code and build them ourselves that would be better. I haven’t used Linux for several years now, but back in the day I was taking source code that had been deemed safe by the community before I bothered to compile the package.

  20. dang it! I thought this was going to be an article about a new line of Android Inspired Trojan Condoms.

  21. @Tim Did you not see my earlier comment or, you know, Google the term Trojan? It doesn’t simply apply to the worst things, it applies to ANYTHING that “is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems” -Cisco

    So yes, getting Spyware or whatever you want to call this on your smartphone, given the means, is a Trojan and given the means THIS IS A TROJAN.

    http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html

  22. I was told by verizon not to use the anti virus apps on the market.. bc their market is “secure”.. who do u believe??

  23. The only thing I’ll sideload out of Market is an app I’m beta testing when I’m in direct communication with the dev.

  24. Not VZW, silly. What? Are they that much more intelligent than Google?? Since when could they claim to be an authority? They have their own interests, their own market.

  25. Who thinks lookout is the one that wrote the virus. This “gemini” sure has given them a lot of free fan fare.LOL JKJK

  26. @Josh: And they’ll be green with Andy’s head at the tip and have two “ticklers” at the sides of the tip that look like antennae.
    .
    On another note, I’m gonna go check out those links right now!

  27. This is why i love having root. if i ever get one of these malicious programs i just restore a backup :D

  28. restore a backup? sure then you don’t have the malicious app installed anymore, but if it was able to contact its servers, then it already uploaded your gps loc, your phone’s unique id, and what everelse (your mom’s email address) browser cookies, passwords (depends on how you have them stored.

    what i’m trying to say is that restore from back up is not enough. the damage will already be done. like many above have said, people must become more discerning about what they install, and from where.

    nodnarb

  29. I laugh at all of the people who say that this isn’t a Trojan. It is the exact definition of one. Failures. Hurray for CompTIA!

  30. Trojan man!

  31. I HAVE A TROJAN IN MY WALLET

  32. Lmao , 100 years from now you wont be able to go online without your whole dna sequence being sniffed so I say bring the trojans on! Human evolution baby!

  33. Lookout is the trojan!!! SCAMMERS! rofl

  34. I always do my best to avoid stupid Chinese crap.

  35. I have a samsung intercept and sense a 3 00 clock today I called sprint support I was having problems getting on web page it would say sever not reponding please try latter this has being going on sense I got this phone well and after I got off the phone I want to see what kind of apps are there and look around but can’t even get in my market at all I have tryed all day it is saying sever error.?
    I am so upset about this issue please help me fix this
    As I read your thread it kinded makes sense do you think that trojan has a lot. To do with it if so can it be fixed

  36. Lookout is the best its trustworthy

  37. @wintergirl- the Samsung intercept has a known problem on Sprint network, I bought that phone for my wife and had the same problems you are describing. I was told by Sprint that the phone had known issues and to return for a different phone.

  38. gee if only there were a way (for normal users) to stop the onslaught

    “give me all these permissions to abuse or no app for you”

    is not an acceptable way to operate

    my hardware: my way

    google continues to abuse users .. awesome

    I use F-droid.org and its respective application. Since the mindset is FOSDEM I worry not about requested permissions.

    The google market is filled with the intellectually dishonest- and morally impaired (developers) especially in the freeware section.

    malware (adware) is immoral but that doesn’t seem to stop the onslaught against the integrity of freeware developers in the google market

    adware (malware) needs its own category on google markets so people can make an informed decision PRIOR to installation (privacy rape)

  39. whitespace
    .
    test

  40. this is a test of white space
    .
    and respecting MY formatting
    .
    .
    two then one then boom
    .
    #
    mm

  41. gee if only there were a way (for normal users) to stop the onslaught
    .
    .
    “give me all these permissions to abuse or no app for you”

    .
    .
    is not an acceptable way to operate
    .
    .

    my hardware: my way
    .
    .

    google continues to abuse users .. awesome
    .
    .

    I use F-droid.org and its respective application. Since the mindset is FOSDEM I worry not about requested permissions.
    .
    .

    The google market is filled with the intellectually dishonest- and morally impaired (developers) especially in the freeware section.
    .
    .

    malware (adware) is immoral but that doesn’t seem to stop the onslaught against the integrity of freeware developers in the google market
    .
    .

    adware (malware) needs its own category on google markets so people can make an informed decision PRIOR to installation (privacy rape)
    .
    .

Leave a reply

Your email address will not be published. Required fields are marked *