Geinimi: Android Gets A New Trojan
The open Android Marketplace, together with the ability to download virtually anything to an Android phone, is conceivably exposing Android phones to a much greater malware risk than the iPhone.
Geinimi is one such nasty piece of malware: it is distributed through applications and steals data from your phone.
According to Lookout, Geinimi is launched with an infected application and collects location data as well as unique identifiers for the device and the SIM card. At five-minute intervals, the trojan attempts to transmit the collected data to a built-in list of ten domain names, including www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. Lookout said that the communication appears to be one-way only at this time and that there is no evidence that the servers actually send commands back to an infected phone.
The intent and purpose of Geinimi are not clear at this time, but the security firm believes that one possibility is an attempt to build an Android botnet. The advice to users is not to install software from sources that aren't trusted. The biggest giveaway of an infected app is an excessive set of requests for information and feature access. In Geinimi's case, the app asks for location coordinates, device identifiers, permission to install and uninstall apps, and a list of the apps installed on the device.
Users who are affected by a virus will need anti-malware software to remove Geinimi, Lookout said.
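The check-in behaviour Lookout describes, a look-up of one of the listed domains every five minutes, can be searched for in DNS query logs. The Python below is an added example, not code from Lookout or from the original article. The log layout, the jitter tolerance, the round threshold and the sample lines are assumptions constructed for illustration, and only the five domains named above are included.

```python
from collections import defaultdict
from datetime import datetime

# The five of Geinimi's ten check-in domains that the article names.
GEINIMI_DOMAINS = {"www.widifu.com", "www.udaore.com", "www.frijd.com",
                   "www.islpast.com", "www.piajesj.com"}
PERIOD = 300     # seconds: the five-minute interval reported by Lookout
TOLERANCE = 45   # assumption: allowed jitter, also the width of one round
MIN_ROUNDS = 3   # assumption: evenly spaced rounds needed to call it a beacon

# Constructed sample log, assumed layout: "<ISO time> <client IP> <query name>"
SAMPLE_LOG = """\
2011-01-03T12:00:02 10.0.0.23 www.widifu.com
2011-01-03T12:00:03 10.0.0.23 www.udaore.com
2011-01-03T12:00:30 10.0.0.51 www.example.org
2011-01-03T12:03:00 10.0.0.40 www.frijd.com.
2011-01-03T12:05:04 10.0.0.23 WWW.FRIJD.COM
truncated-line 10.0.0.23
2011-01-03T12:10:01 10.0.0.23 www.widifu.com
2011-01-03T12:15:06 10.0.0.23 www.islpast.com
""".splitlines()

def parse_line(line):
    """Return (time, client, name) or None for a line that does not parse."""
    parts = line.split()
    try:
        when = datetime.fromisoformat(parts[0])
        return when, parts[1], parts[2].rstrip(".").lower()
    except (IndexError, ValueError):
        return None

def find_beacons(lines, domains=GEINIMI_DOMAINS):
    """Map each client that queried a listed domain to what was seen."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec[2] in domains:
            hits[rec[1]].append((rec[0], rec[2]))
    report = {}
    for client, seen in hits.items():
        seen.sort()
        rounds = []  # start time of each burst of look-ups
        for when, _ in seen:
            if not rounds or (when - rounds[-1]).total_seconds() > TOLERANCE:
                rounds.append(when)
        gaps = [(b - a).total_seconds() for a, b in zip(rounds, rounds[1:])]
        regular = sum(abs(g - PERIOD) <= TOLERANCE for g in gaps)
        report[client] = {"domains": sorted({d for _, d in seen}),
                          "periodic": regular >= MIN_ROUNDS - 1}
    return report
```

A client reported with `periodic` set to true shows the repeating five-minute pattern; a single match, like the second client in the sample, is still worth a look at the device.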
milktea Google market needs to add a new feature to rate the security of the Apps. An App that requests permission for installing and uninstalling of apps should never be trusted. And I just don't see why that is even necessary for any App.
THEfog101 (quoting alzheimerz: "I have a Symbian phone. No Trojan. No problem.") I have a Rock. No Trojan. No Problem. See what I did there.
Vladislaus (quoting the article: "In Geinimi's case, the app asks for location coordinates, device identifiers, the permission for installing and uninstalling of apps, and a list of installed apps on a device.") Google made it very easy to know to what an app will have access when installing it but most people simply choose to ignore it. I think most people should reeducate themselves in terms of information security.
pim69 sooo... they know exactly the domains the malware reports to. Pretty easy to find out who hosts/owns those domains and sue them, isn't it? I don't get it... why haven't they been shut down already?
g00fysmiley pim, that depends where their servers are. If they're in a country that the US or Interpol have no jurisdiction over, and in a country that has no laws against cyber crimes, then no, it technically isn't illegal at all.
pim69 Hopefully they quickly get added to DNS blacklists on internet backbone servers in North America then. Most of the internet's backbone is in the US, so servers in other countries maybe can't be physically brought down, but it's easy to make all the internet's DNS servers ignore them.