Dec, 29 2010

Just when you thought it was safe to run around installing any apk you can get your hands on. Mobile security team Lookout is reporting a new trojan that is making the rounds, dubbed “Geinimi”. It’s essentially being “grafted” on to legitimate applications, mainly games, and distributed through third-party app stores. So far, it has only been seen in applications hosted by Chinese app markets.

Unfortunately, from the information gathered so far, Lookout isn’t entirely sure what this trojan is capable of once it has made its way onto a user’s device, and says the possibilities range from creating “a malicious ad-network to an attempt to create an Android botnet”. What they do know is that it collects a device’s unique identifiers such as the IMEI and IMSI, and every five minutes it attempts to connect to one of several domains:

  • We do not recommend going to these domains, they are only here for informational purposes!
  • widifu . com
  • udaore . com
  • frijd . com
  • islpast . com
  • piajesj . com

If a connection is successful it transmits the information it has gathered.
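The five-minute check-in against a fixed set of domains is the behaviour a defender can actually look for. The script below is an added example (not Lookout’s code or anything from the trojan itself) that scans DNS-style log lines for clients contacting the listed domains at a regular ~300-second cadence; the log format and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Domains named in the Lookout report (defanged spacing removed).
GEINIMI_DOMAINS = {"widifu.com", "udaore.com", "frijd.com", "islpast.com", "piajesj.com"}

# Constructed sample log lines, format: "<ISO timestamp> <client> <queried name>".
SAMPLE_LOG = """\
2010-12-29T10:00:00 10.0.0.5 widifu.com
2010-12-29T10:00:07 10.0.0.9 example.org
2010-12-29T10:05:01 10.0.0.5 udaore.com
2010-12-29T10:10:00 10.0.0.5 frijd.com
2010-12-29T10:12:30 10.0.0.9 frijd.com
2010-12-29T10:15:02 10.0.0.5 widifu.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def is_listed(name):
    """True if `name` is one of the listed domains or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in GEINIMI_DOMAINS)

def parse(log_text):
    """Yield (timestamp, client, queried name) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def find_beaconing(log_text, period=300, tolerance=15, min_hits=3):
    """Return {client: [gaps in seconds]} for clients that reach a listed
    domain at least `min_hits` times with every gap within `tolerance`
    seconds of `period` (the five-minute interval from the report)."""
    hits = defaultdict(list)
    for ts, client, name in parse(log_text):
        if is_listed(name):
            hits[client].append(ts)
    flagged = {}
    for client, times in hits.items():
        times.sort()
        if len(times) < max(min_hits, 2):
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if all(abs(g - period) <= tolerance for g in gaps):
            flagged[client] = gaps
    return flagged

if __name__ == "__main__":
    for client, gaps in find_beaconing(SAMPLE_LOG).items():
        print(f"{client}: periodic contact with listed domains, gaps={gaps}")
```

A single hit (10.0.0.9 above) is not flagged; only the steady cadence is, which is what separates a beacon from a one-off lookup.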

Lookout’s analysis of the trojan has so far identified the following capabilities:

  • Send location coordinates
  • Send device identifiers
  • Download and prompt a user to install an app
  • Prompt a user to uninstall an app
  • Enumerate and send a list of installed apps to the server

While the infected files seem to be confined to the Chinese market for now, we can all take this as a reminder that no device is 100% safe from these types of threats, and a small amount of common sense and intuition can prevent a lot of headaches.

[via Lookout | Read on All Things Digital. | Thanks, anon]