Geinimi: Android Gets A New Trojan

Geinimi is such a nasty malware that is distributed through applications and steals data from your phone.

According to Lookout, Geinimi is launched with an infected application and collects location data as well as unique identifiers for the device and the SIM card. In intervals of five minutes the trojan attempts to transmit collected data to an integrated list of ten domain names, including www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. Lookout said that the communication apparently is only one-way at this time and there is no evidence that the servers in fact send commands back to an infected phone.  

The intent and purpose of Geinimi is not clear at this time, but the security firm believes that one of the possibilities could be an attempt to build an Android botnet. The advice to users is to not install software from sources that aren't trusted. The biggest giveaway of infected apps are excessive information and feature access requests. In Geinimi's case, the app asks for location coordinates, device identifiers, the permission for installing and uninstalling of apps, and a list of installed apps on a device.

Users who are affected by a virus will need anti-malware software to remove Geinimi, Lookout said.   

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
12 comments
    Your comment
  • nforce4max
    So much for security these days.
    0
  • milktea
    Google market needs to add a new feature to rate the security of the Apps.

    An App that requests permission for installing and uninstalling of apps should never be trusted. And I just don't see why that is even necessary for any App.
    1
  • nebun
    it's all good, they can get all they want from me ;) even my naked pics
    0