New Android Trojan Found

Just when you thought it was safe to run around installing any APK you can get your hands on: mobile security team Lookout is reporting a new trojan that is making the rounds, dubbed “Geinimi”. It’s essentially being “grafted” onto legitimate applications, mainly games, and distributed through third-party app stores. So far, it has only been downloaded in applications hosted on Chinese app markets.

Unfortunately, from the information gathered so far, Lookout isn’t entirely sure what this trojan is capable of once it has made its way onto a user’s device, and says the possibilities range from creating “a malicious ad-network to an attempt to create an Android botnet”. What they do know is that it can collect a device’s unique identifiers, such as the IMEI and IMSI, and that every five minutes it will attempt to connect to one of several domains:

  • We do not recommend going to these domains, they are only here for informational purposes!
  • widifu . com
  • udaore . com
  • frijd . com
  • islpast . com
  • piajesj . com

If a connection is successful it transmits the information it has gathered.

Lookout’s analysis of the trojan has identified the following capabilities:

  • Send location coordinates
  • Send device identifiers
  • Download and prompt a user to install an app
  • Prompt a user to uninstall an app
  • Enumerate and send a list of installed apps to the server

While the infected files seem to be confined to the Chinese market for now, we can all take this as a reminder that no device is 100% safe from these types of threats, and that a small amount of common sense and intuition can prevent a lot of headaches.

[via Lookout | Read on All Things Digital. | Thanks, anon]


  • tatiG

    Chinese App Store. The safest place to download apps.

  • http://www.nielco.dk John Nielsen

    Thanks for the warning about these rogue Android app sites.

    Best regards
    John Nielsen

  • jamerson90

    You guys use Trojan too loosely. This is just spyware.

  • brian

    Damn Chinese

  • GPL

    Smart phones from all manufacturers are the next target for hackers. Malware protection right now is circa 1995, and people need to use common sense. I’d never load anything that isn’t in the Market, and even that doesn’t guarantee safety.

  • Jevyjav

    Damn so you mean to tell me I shouldn’t download apps from shady 3rd party Chinese websites anymore? Whatever shall I do :-D

  • AGx

    Spyware can be a Trojan but typically the term Trojan is used to describe more malicious things like viruses or worms (which fall in the category of Malware, just like Spyware). Trojans are basically any type of unwanted addition that finds its way onto a system having been delivered via means the user perceived as safe.

  • Curry

    Asian hackers going for round 2 of hacking Google, this time only in.. Android? Lol, glad I got lookout on my phone now, I can only trust BlackDroid so much.

  • TDHooligan

    Pfft, I knew smartphones were next, that’s why I don’t have one.
    Hackers try to get their hands on everything.

  • Steve

    @GPL, My linux boxes have no malware protection, but sticking to the market is a good idea.

  • Aeires

    There’s a few different anti-virus apps on the market, can you post an article covering what each has to offer? Might be a good time to reflect on what makes a good anti-virus app.

  • Covert

    @Jamerson do you know what a trojan is? it is a type of spyware that gets its way onto your system by acting as something else… i think downloading something you think is an app that has other “features” counts as a trojan…

    refer to the trojan horse for an example.

  • tim242

    While spyware is not good, I think calling it a trojan is exaggerating. Tons of apps are spying on us. It almost seems like lookout is trying to scare people into using their product.

  • xang chang

    this is not twue, china is best place for downloading tings

  • MATTY032

    Most of the antivirus software in the market slows the phone down to a crawl. Or they cost too much.

  • swanman

    Haha I guess we all should go get the iphone now ;)

  • Adrian

    they don’t actually do anything do they?

  • Zachm

    Lookout does not slow your phone down unless you have an older or cheaply made phone. And Lookout is free. An ounce of prevention and some common sense. Not everything you read is a conspiracy.

  • GPL

    @Steve, but you aren’t side loading programs from shady web sites either. If the sites offering these would open source them so we could examine the code and build them ourselves that would be better. I haven’t used Linux for several years now, but back in the day I was taking source code that had been deemed safe by the community before I bothered to compile the package.

  • http://joshdobbs Josh

    dang it! I thought this was going to be an article about a new line of Android Inspired Trojan Condoms.

  • AGx

    @Tim Did you not see my earlier comment or, you know, Google the term Trojan? It doesn’t simply apply to the worst things, it applies to ANYTHING that “is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems” -Cisco

    So yes, getting Spyware or whatever you want to call this on your smartphone, given the means, is a Trojan and given the means THIS IS A TROJAN.

    http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html

  • crazz

    I was told by verizon not to use the anti virus apps on the market.. bc their market is “secure”.. who do u believe??

  • xarophti

    The only thing I’ll sideload out of Market is an app I’m beta testing when I’m in direct communication with the dev.

  • Manny

    Not VZW, silly. What? Are they that much more intelligent than Google?? Since when could they claim to be an authority? They have their own interests, their own market.

  • The man

    Who thinks lookout is the one that wrote the virus? This “gemini” sure has given them a lot of free fanfare. LOL JKJK

  • Alexander

    @Josh: And they’ll be green with Andy’s head at the tip and have two “ticklers” at the sides of the tip that look like antennae.
    .
    On another note, I’m gonna go check out those links right now!

  • Chronos

    This is why i love having root. if i ever get one of these malicious programs i just restore a backup :D

  • nodnarb

    restore a backup? sure then you don’t have the malicious app installed anymore, but if it was able to contact its servers, then it already uploaded your gps loc, your phone’s unique id, and whatever else (your mom’s email address), browser cookies, passwords (depends on how you have them stored).

    what i’m trying to say is that restore from back up is not enough. the damage will already be done. like many above have said, people must become more discerning about what they install, and from where.

    nodnarb

  • Thats

    I laugh at all of the people who say that this isn’t a Trojan. It is the exact definition of one. Failures. Hurray for CompTIA!

  • Hulk smash

    Trojan man!

  • Jeff

    I HAVE A TROJAN IN MY WALLET

  • derp

    Lmao, 100 years from now you won’t be able to go online without your whole dna sequence being sniffed so I say bring the trojans on! Human evolution baby!

  • http://gamingbygrace.com Hampteezy

    Lookout is the trojan!!! SCAMMERS! rofl

  • The Dark Knight

    I always do my best to avoid stupid Chinese crap.

  • wintergirl

    I have a Samsung Intercept and at 3 o’clock today I called Sprint support. I was having problems getting on web pages, it would say server not responding please try later. This has been going on since I got this phone. Well, and after I got off the phone I wanted to see what kind of apps are there and look around but can’t even get in my market at all. I have tried all day, it is saying server error.
    I am so upset about this issue, please help me fix this.
    As I read your thread it kind of makes sense. Do you think that trojan has a lot to do with it? If so, can it be fixed?

  • josh

    Lookout is the best, it’s trustworthy

  • jim

    @wintergirl- the Samsung intercept has a known problem on Sprint network, I bought that phone for my wife and had the same problems you are describing. I was told by Sprint that the phone had known issues and to return for a different phone.

  • http://pureloveclub.com me

    gee if only there were a way (for normal users) to stop the onslaught

    “give me all these permissions to abuse or no app for you”

    is not an acceptable way to operate

    my hardware: my way

    google continues to abuse users .. awesome

    I use F-droid.org and its respective application. Since the mindset is FOSDEM I worry not about requested permissions.

    The google market is filled with the intellectually dishonest- and morally impaired (developers) especially in the freeware section.

    malware (adware) is immoral but that doesn’t seem to stop the onslaught against the integrity of freeware developers in the google market

    adware (malware) needs its own category on google markets so people can make an informed decision PRIOR to installation (privacy rape)
