DBC Network

Sunday, 2 January 2011

Android Trojan

A sophisticated Trojan aimed mainly at Android devices has been circulating on third-party Chinese Android application markets. It is the first piece of Android malware built with the capability to receive instructions from a server at a remote location, which makes an infected device part of a botnet.

The Trojan, called “Geinimi”, is attached to versions of genuine applications, generally games such as President vs. Aliens, Monkey Jump 2, Baseball Superstars 2010 and City Defense.

So far it has been distributed only through third-party Chinese application stores. The versions of these applications on the official Google Android Market have not been compromised.

When the affected unofficial application is installed, the user is asked to grant more permissions than the application usually requires. This is when Geinimi kicks into action: it harvests the device’s location coordinates, the IMEI and the IMSI, and sends this information to a remote server through hard-coded domain names.

The server has not been observed sending instructions to the Trojan so far, so its ultimate purpose is not yet clear. It is known, however, that the Trojan can download an application and prompt the user to install it, prompt the user to uninstall an application, and transmit the list of all applications installed on the device to that server.

Researchers state that Geinimi also uses obfuscation techniques to hide its actions, which makes it much more difficult to spot. Users generally suspect that their device has been infected by mobile malware when the phone shows unusual activity, such as automated messages sent to random unknown recipients, stealthy installation of unknown applications, or automatically generated phone calls.

Users should make a practice of occasionally checking outgoing SMS messages and calls, and of confirming application installations.
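The extra permissions requested at install time are the one signal the user sees before Geinimi runs. The following is an added example, not code from the original post or from the researchers: it compares the permissions requested by a third-party build against those of the genuine build and flags the additions that correspond to the behaviours described above. It assumes both manifests have already been decoded to text XML; the package name `com.example.game`, both sample manifests and the permission-to-behaviour mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: Android permissions matched to behaviours the article describes.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "device location",
    "android.permission.ACCESS_COARSE_LOCATION": "device location",
    "android.permission.READ_PHONE_STATE": "IMEI / IMSI",
    "android.permission.SEND_SMS": "sending SMS",
    "android.permission.CALL_PHONE": "placing calls",
    "android.permission.INSTALL_PACKAGES": "installing applications",
    "android.permission.DELETE_PACKAGES": "uninstalling applications",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}  # skip malformed entries without a name

def extra_permissions(genuine_xml, candidate_xml):
    """Permissions the candidate build asks for that the genuine build does not."""
    return sorted(requested_permissions(candidate_xml)
                  - requested_permissions(genuine_xml))

def sensitive_additions(genuine_xml, candidate_xml):
    """Subset of the extra permissions that enable the behaviours listed above."""
    extra = extra_permissions(genuine_xml, candidate_xml)
    return {p: SENSITIVE[p] for p in extra if p in SENSITIVE}

def _manifest(perms):
    # Constructed sample manifest for a hypothetical package.
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.game">%s<application/></manifest>' % uses)

GENUINE = _manifest(["android.permission.INTERNET", "android.permission.VIBRATE"])
SIDELOADED = _manifest([
    "android.permission.INTERNET", "android.permission.VIBRATE",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.READ_PHONE_STATE",
    "android.permission.SEND_SMS", "android.permission.WRITE_EXTERNAL_STORAGE",
])

if __name__ == "__main__":
    for perm, reason in sensitive_additions(GENUINE, SIDELOADED).items():
        print("added permission %s (%s)" % (perm, reason))
```

A build that adds none of these permissions is not thereby proven clean; the check only surfaces the mismatch a user would otherwise have to notice on the install screen.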
