Mobile security firm Lookout recently posted a warning regarding the discovery of a trojan that affects Android devices.
According to the company, the trojan (dubbed Geinimi) is showing up in China, and is designed to harvest personal data from users’ devices and send that data to remote servers. Lookout is calling this “the most sophisticated Android malware we’ve seen to date.” The firm goes on to say that once the software is installed on a device, a remote server can be used to send commands to the software to gain control over the device.
The trojan is currently being bundled with legitimate applications (mainly games), which are then distributed through app markets. According to Lookout, the infected applications request user permissions that go above and beyond what’s normal. The company says that while the true intent of Geinimi isn’t known yet, the possibility of creating an Android botnet can’t be ruled out.
Lookout says that the type of user information collected by the trojan includes location coordinates as well as device identifiers (IMEI and IMSI). Every five minutes, Geinimi tries to connect to a remote server using one of ten domain names embedded in the software. Once connected, the software then sends the collected information to the server.
The company goes on to say that while they have observed the software sending data, they have yet to witness a fully operational server sending commands back to the infected device.
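The five-minute check-in across a small fixed set of domains is something a network defender can look for in DNS or proxy logs. The following is an added example, not code from Lookout or from the original article: the log format, device names, domains, jitter tolerance and run-length threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

PERIOD_S = 300     # five-minute check-in interval from the report
TOLERANCE_S = 20   # assumed allowance for scheduler and network jitter
MIN_RUN = 5        # assumed number of on-schedule lookups before flagging
MAX_DOMAINS = 10   # the report says ten domain names are embedded

# Constructed sample DNS log: "timestamp device domain" (all values made up).
SAMPLE_LOG = """\
2011-01-03T10:00:02 dev-a alpha.example
2011-01-03T10:00:10 dev-b cdn.example.net
2011-01-03T10:01:40 dev-a mail.example.org
2011-01-03T10:02:00 dev-b cdn.example.net
2011-01-03T10:05:04 dev-a bravo.example
2011-01-03T10:09:30 dev-b cdn.example.net
2011-01-03T10:10:01 dev-a charlie.example
2011-01-03T10:15:03 dev-a alpha.example
2011-01-03T10:20:02 dev-a bravo.example
2011-01-03T10:25:05 dev-a charlie.example
"""

def parse(log):
    """Group (time, domain) lookups by device."""
    events = defaultdict(list)
    for line in log.splitlines():
        ts, device, domain = line.split()
        events[device].append((datetime.fromisoformat(ts), domain))
    return events

def find_beacons(log, allowlist=frozenset()):
    """Return {device: domains} for devices with a long on-schedule run."""
    findings = {}
    for device, evs in parse(log).items():
        evs = sorted(e for e in evs if e[1] not in allowlist)
        run, best = evs[:1], []
        for prev, cur in zip(evs, evs[1:]):
            gap = (cur[0] - prev[0]).total_seconds()
            # Extend the run only when the gap matches the expected period.
            run = run + [cur] if abs(gap - PERIOD_S) <= TOLERANCE_S else [cur]
            if len(run) > len(best):
                best = run
        domains = sorted({d for _, d in best})
        if len(best) >= MIN_RUN and len(domains) <= MAX_DOMAINS:
            findings[device] = domains
    return findings

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG, allowlist={"mail.example.org"}))
```

Allowlisting known-good domains first matters, because unrelated lookups that fall between check-ins break the run and shorten what the detector sees.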
Those who are using Lookout Mobile Security (available for free in the Android Market) on their device should know that the company has issued an update to deal with this issue.
What’s important to remember is that, as of now, this trojan is only found in third-party Chinese app stores. Unless you’re downloading apps from there, you should be safe, as there are no reports that users downloading apps from the official Android Market are being infected.
Source: Lookout Mobile Security