3 Comments

Summary:

Mobile security firm Lookout is sounding the alarm about a Trojan targeting Android devices that, while confined to China so far, represents one of the most sophisticated pieces of malware its seen to date. The malware, named “Geinimi” is the first Trojan to display botnet-like capabilities.

securityistock_000012154723xsmall

Mobile security firm Lookout is sounding the alarm about a Trojan targeting Android devices that, while confined to China so far, represents one of the most sophisticated pieces of malware its seen to date. The malware, named “Geinimi” is the first Trojan to display botnet-like capabilities, allowing it to receive remote commands, said Lookout in its blog.

The worm is essentially grafted onto legitimate apps and games that being distributed through third-party Chinese Android app markets. Users who allow side-loading of apps enable the exploit by confirming the installation. The Trojan operates in the background and can send location data and unique identifiers for the device and SIM card through ten embedded domain names. Lookout said that while it has identified Geinimi, it has yet to observe a remote control server send commands to the Trojan.

The Geinimi Trojan is significant, said Lookout, because it goes to some lengths to obfuscate its activities, which while still detectable, require a higher level of scrutiny to uncover. While it has not been observed in any Android Market apps, it has been inserted in Chinese app markets into legitimate apps like Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstarts 2010.

The appearance of more sophisticated mobile malware is inevitable as smartphones become mobile computers. Though mobile devices are harder to target right now than PCs, they represent a growing opportunity for criminals looking to gather data from users. As we wrote about in August, Kapersky Labs said Android handsets could download malware that allowed users to sign up for texts and make calls to premium numbers. In September, security vendor Fortinet discovered a mobile version of Zeus, a piece of banking malware that was targeting Symbian and BlackBerry devices. Android has already had to deal with apps that contained malware, and Stacey had a good list of tips on how to secure an Android handset. The basic things to remember are:

  • Only download apps from trusted sources.
  • Check the permissions an apps is asking for.
  • Look for reviews and warnings about questionable apps.
  • Look out for unusual behavior on the phone — e.g., SMS messages sent automatically — that could signal it’s infected.

We’ve been hearing about the looming threat to mobile phones for years now. But while that threat hasn’t quite reared its ugly head yet, it might not be long before we see more serious attacks as smartphones proliferate.

Related content from GigaOM Pro (sub req’d):

Rogue Devices: The Consumer Influence on Enterprise Mobility, Part 1

  1. Have we not learned anything from the PC malware epidemic, that now we want to extend that insecurity and uncertainty people already have for their PC, to hand held smart phones?

    We need better security models in place, and average users need to be more tech-conscious and able to secure their smart phones… otherwise Identity Theft via Smart Phone will be the new number one “cyber crime”.

    Share
  2. I second you for :
    “Only download apps from trusted sources”

    Never ever download apps from forums especially warez forum…my iPad just broken because of an apps from a warez site :(

    Share
  3. [...] And with Android now becoming a leading global platform, it could invite even more attacks. We reported on the “Geinimi” Trojan attack back in December, which targeted apps that were sold in Chinese app stores or were side-loaded onto [...]

    Share

Comments have been disabled for this post