
Geinimi: Android Gets A New Trojan

Source: Lookout | 12 comments

The open Android Marketplace, together with the ability to download virtually anything to an Android phone, is conceivably exposing Android phones to much greater malware risk than the iPhone.

Geinimi is one such piece of malware: it is distributed through applications and steals data from your phone.

According to Lookout, Geinimi is launched with an infected application and collects location data as well as unique identifiers for the device and the SIM card. Every five minutes, the trojan attempts to transmit the collected data to a built-in list of ten domain names, including www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. Lookout said that the communication apparently is only one-way at this time and that there is no evidence that the servers in fact send commands back to an infected phone.

The intent and purpose of Geinimi are not clear at this time, but the security firm believes that one of the possibilities could be an attempt to build an Android botnet. The advice to users is to not install software from sources that aren't trusted. The biggest giveaway of an infected app is excessive requests for information and feature access. In Geinimi's case, the app asks for location coordinates, device identifiers, the permission for installing and uninstalling of apps, and a list of installed apps on a device.

Users who are affected by a virus will need anti-malware software to remove Geinimi, Lookout said.   
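
The five-minute check-in described above leaves a recognizable trace in DNS resolver logs. The following is an added example, not code from Lookout or from this article: it flags clients that look up any of the five domains named here and tests whether their lookups recur at roughly 300-second intervals. The log format, the sample lines, the jitter tolerance and the minimum hit count are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# The five domains named in the article (the full list of ten is not given there).
GEINIMI_DOMAINS = {"www.widifu.com", "www.udaore.com", "www.frijd.com",
                   "www.islpast.com", "www.piajesj.com"}
BEACON_SECONDS = 300  # "five minutes", per the article
TOLERANCE = 30        # assumed jitter allowance, not from the article

# Constructed sample log, assumed format: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2011-01-03T21:00:05 10.0.0.23 www.widifu.com
2011-01-03T21:01:10 10.0.0.40 www.example.org
2011-01-03T21:05:07 10.0.0.23 WWW.UDAORE.COM.
2011-01-03T21:07:00 10.0.0.51 www.frijd.com
2011-01-03T21:10:04 10.0.0.23 www.frijd.com
2011-01-03T21:15:09 10.0.0.23 www.widifu.com
malformed line
"""

def normalize(name):
    """Lower-case a queried name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def find_beacons(log_text, min_hits=3):
    """Return {client: verdict} for every client that queried a listed domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        ts, client, name = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        # Group by client, not by domain: the trojan works through a list of names.
        if normalize(name) in GEINIMI_DOMAINS:
            hits[client].append(when)
    verdicts = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = len(times) >= min_hits and all(
            abs(g - BEACON_SECONDS) <= TOLERANCE for g in gaps)
        verdicts[client] = "periodic" if periodic else "single-or-irregular"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(find_beacons(SAMPLE_LOG).items()):
        print(client, verdict)
```

A "periodic" verdict is the stronger signal of an infected handset; a single lookup may be a researcher or a curious reader and needs a second look before any cleanup.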

  • 0 Hide
    nforce4max , January 3, 2011 9:47 PM
    So much for security these days.
  • 1 Hide
    milktea , January 3, 2011 10:12 PM
    Google market needs to add a new feature to rate the security of the Apps.

    An App that requests permission for installing and uninstalling of apps should never be trusted. And I just don't see why that is even necessary for any App.
  • 0 Hide
    nebun , January 4, 2011 2:28 AM
    it's all good, they can get all they want from me ;)  even my naked pics
  • 2 Hide
    lashabane , January 4, 2011 3:04 AM
    mayankleoboy1: damn! even google is not hacker proof

    Nothing is hacker proof.
  • 0 Hide
    alzheimerz , January 4, 2011 3:29 AM
    I have a Symbian phone. No Trojan. No problem.
  • 6 Hide
    THEfog101 , January 4, 2011 6:17 AM
    alzheimerz: I have a Symbian phone. No Trojan. No problem.


    I have a Rock. No Trojan. No Problem.

    see what i did there.
  • 0 Hide
    Vladislaus , January 4, 2011 9:57 AM
    Quote:
    In Geinimi's case, the app asks for location coordinates, device identifiers, the permission for installing and uninstalling of apps, and a list of installed apps on a device.
    Google made it very easy to know to what an app will have access when installing it but most people simply choose to ignore it. I think most people should reeducate themselves in terms of information security.
  • 0 Hide
    pim69 , January 4, 2011 11:40 AM
    sooo... they know exactly the domains the malware reports to. Pretty easy to find out who hosts/owns those domains and sue them, isn't it? I don't get it... why haven't they been shut down already?
  • 0 Hide
    g00fysmiley , January 4, 2011 1:38 PM
    pim that depends where their servers are, if they're in a country that US or interpol have no jurisdiction over and in a country that has no laws against cyber crimes then no it technically isn't illegal at all
  • 0 Hide
    pim69 , January 4, 2011 1:53 PM
    Hopefully they quickly get added to DNS blacklists on internet backbone servers in North America then. Most of the internet's backbone is in the US, so servers in other countries maybe can't be physically brought down, but it's easy to make all the internet's DNS servers ignore them.
  • 3 Hide
    borisof007 , January 4, 2011 2:57 PM
    thefog101: I have a Rock. No Trojan. No Problem. see what i did there.


    lololol
  • 0 Hide
    patito97 , January 5, 2011 1:27 PM
    Is this whole thing really that bad? Articles like this make it seem horrible:
    http://www.totaltele.com/view.aspx?ID=461296

    while articles like this make it seem benign:
    http://tinyurl.com/androidNotMuchToWorryAbout

    Like usual, seems to be a lot of talk and not much hard info.