According to reports from mobile security firm lookout, a new Trojan affecting Android devices has recently emerged in China. Dubbed “Geinimi” based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers.
It is the most sophisticated Android malware seen to date. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.
Geinimi is effectively being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.
Who is affected?
Current evidences shows that Geinimi is distributed through third-party Chinese app stores. To download an app from a third-party app store, Android users need to enable the installation of apps from “Unknown sources” (often called “sideloading”). Geinimi could be packaged into applications for Android phones in other geographic regions. It is found that, apps from the official Google Android Market ahve not been affected.
There are a number of applications, typically games, that are repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. It is important to remember that even though there are instances of the games repackaged with the Trojan, the original versions available in the official Google Android Market have not been affected.
How to Stay Safe:
- Only download applications from trusted sources, such as reputable application markets. Remember to look at the developer name, reviews, and star ratings.
- Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
- Be aware that unusual behavior on your phone could be a sign that your phone is infected. Unusual behaviors include: unknown applications being installed without your knowledge, SMS messages being automatically sent to unknown recipients, or phone calls automatically being placed without you initiating them.
- Download a mobile security app for your phone that scans every app you download. [source]