
Geinimi: Android Gets A New Trojan

Geinimi is a nasty piece of malware that is distributed through infected applications and steals data from your phone.

According to Lookout, Geinimi is launched with an infected application and collects location data as well as unique identifiers for the device and the SIM card. At five-minute intervals, the trojan attempts to transmit the collected data to a built-in list of ten domain names, including www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. Lookout said that the communication apparently is only one-way at this time and that there is no evidence the servers actually send commands back to an infected phone.

The intent and purpose of Geinimi are not clear at this time, but the security firm believes that one possibility is an attempt to build an Android botnet. The advice to users is not to install software from sources that aren't trusted. The biggest giveaway of an infected app is excessive requests for information and feature access. In Geinimi's case, the app asks for location coordinates, device identifiers, the permission for installing and uninstalling of apps, and a list of installed apps on a device.

Users who are affected will need anti-malware software to remove Geinimi, Lookout said.

  • nforce4max
    So much for security these days.
  • milktea
    Google market needs to add a new feature to rate the security of the Apps.

    An App that requests permission for installing and uninstalling of apps should never be trusted. And I just don't see why that is even necessary for any App.
  • nebun
    it's all good, they can get all they want from me ;) even my naked pics
  • lashabane
    mayankleoboy1: "damn! even google is not hacker proof"
    Nothing is hacker proof.
  • alzheimerz
    I have a Symbian phone. No Trojan. No problem.
  • THEfog101
    alzheimerz: "I have a Symbian phone. No Trojan. No problem."
    I have a Rock. No Trojan. No Problem.

    see what i did there.
  • Vladislaus
    "In Geinimi's case, the app asks for location coordinates, device identifiers, the permission for installing and uninstalling of apps, and a list of installed apps on a device."
    Google made it very easy to know to what an app will have access when installing it but most people simply choose to ignore it. I think most people should reeducate themselves in terms of information security.
  • pim69
    sooo... they know exactly the domains the malware reports to. Pretty easy to find out who hosts/owns those domains and sue them, isn't it? I don't get it... why haven't they been shut down already?
  • g00fysmiley
    pim that depends where their servers are, if they're in a country that US or Interpol have no jurisdiction over and in a country that has no laws against cyber crimes then no it technically isn't illegal at all
  • pim69
    Hopefully they quickly get added to DNS blacklists on internet backbone servers in North America then. Most of the internet's backbone is in the US, so servers in other countries maybe can't be physically brought down, but it's easy to make all the internet's DNS servers ignore them.