AfterDawn: Tech news

'Geinimi' Trojan taking down Android devices in Asia

Written by Andre Yoskowitz @ 30 Dec 2010 22:34

Lookout Mobile Security has reported this week that a new Android-based Trojan horse dubbed "Geinimi" has been taking down Android devices in China over the past month.
So far, there have been no reported cases in Europe or the Americas, as the malware-infected apps have only been seen on Chinese mobile app websites.

Says the security firm:
A new Trojan affecting Android devices has recently emerged in China. Dubbed “Geinimi” based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers. The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

Geinimi is effectively being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.


If the phone is infected, "it has the potential to receive commands from a remote server that allow the owner of that server to control the phone," says Lookout. "Though the intent of this Trojan isn't entirely clear, the possibilities range from setting up a malicious mobile ad network to creating an Android botnet."

A couple of the games tainted with the Trojan are Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

The company makes it clear that any apps coming directly from the Google Android Market are safe.


12 user comments

1 30.12.2010 22:46

The Chinese Gov't must've come up with this one....

2 31.12.2010 4:52

hmmm is this an attempt at keeping everyone buying apps from the official sources rather than file sharing?

3 31.12.2010 5:27

@ ivymike, I'm pretty sure it's not the Chinese Gov mate, it's far more likely to be a western nation.

Don't forget the virus in Iran, that specifically went after the motors of the enrichers.

And the recent probably corporate payback on the anonymous group.

As there is no digital version of the Geneva convention, I think we have only just seen the start of Governments and large corps using tech and the internet in more subversive and questionable ways as they wake up to their potential...

... this is exactly the same as the nuclear arms race, one country starts (did way back) and they all have to follow to keep up until a level of MAD is achieved and then it goes one of two ways...

FYI MAD = (mutually assured destruction)

4 31.12.2010 6:14

It isn't a virus...it is a trojan. You have to manually install it. We are not talking about an attack here.



5 31.12.2010 6:25

Originally posted by KillerBug:
It isn't a virus...it is a trojan. You have to manually install it. We are not talking about an attack here.
Actually killer if we are going to be pedantic, a trojan is a virus, is the type of, for example:

Worm
Trojan
Root Kit
Back Door
ETC..

PS I believe the free lookout mobile security for droid detects it :)
This message has been edited since its posting. Latest edit was made on 31 Dec 2010 @ 6:32

6 31.12.2010 8:45

This is why I'll never give up my trusty old blackberry. There's a reason why they're the only government approved smart phones.
Nothing against Google or the Android community but there's open and there's too open



7 31.12.2010 9:04

Originally posted by xyqo:
This is why I'll never give up my trusty old blackberry. There's a reason why they're the only government approved smart phones.
Nothing against Google or the Android community but there's open and there's too open
There is open, too open and then having a pretty good system and turning it off, opening the door and inviting everyone inside, really as the only android concerns have all been the last one so far.

If people will change the option to allow apps from unknown sources, then knowingly download warez and hooky apps from untrusted locations and then end up with a virus as a result... who's to blame... only the user.

And dude, I don't think black berries are the only phone the governments use... ever heard of FIPS, see Link Here

Seriously it's not as if viruses were never created for the blackberry platform, from memory bbproxy was just one. There was also the mess in the middle east where the government made the telco install spyware so they could get at users' stuff a year or so before it all blew up, places threatening to bar them in their country due to not being able to sniff data due to encrypted transfers.

This is a good article Link Here.

And that's not to mention the fact that blackberry do their connect software to support other non rim devices, so they can also use the transport system.

At the end of the day use pop3 or imap and set it to use cert based secure sockets and where is the difference..... it's always amazed me that rim has kept going this long and always made me laugh that despite the fact every single gprs I've ever owned included a pop3 client, it wasn't until the days of the iphone that a large majority of crack berry users I talked to started to realise the berry was not the only device that would email...
This message has been edited since its posting. Latest edit was made on 31 Dec 2010 @ 9:17

8 31.12.2010 13:27

Gee....I hate to say this but I think McAfee...they said apple devices and smartphones would be attacked with viruses on the 28th.......look on New Year's Eve and it fucking happens HOURS BEFORE 2011 I Think McAfee is doing this this cannot be a coincidence

9 1.1.2011 13:01

Or, perhaps, they see the malware samples coming in, with THAT DATE in the code..? Think a little, man.

10 2.1.2011 7:39

Originally posted by Tristan_2:
Gee....I hate to say this but I think McAfee...they said apple devices and smartphones would be attacked with viruses on the 28th.......look on New Year's Eve and it fucking happens HOURS BEFORE 2011 I Think McAfee is doing this this cannot be a coincidence
Paranoid much?




11 2.1.2011 9:34

This is why I keep my phone in a condom.



12 2.1.2011 9:35

ha :-p it's good in this day and age to know people still practice safe text.
