Geinimi, a new Trojan affecting Android devices, has just emerged in China. This complex Trojan is being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. Here’s what you need to know about Geinimi.
Named after its first known incarnation, Geinimi is the first Android malware known to display botnet-like capabilities. Once the malware is installed on a user’s phone, it can receive commands from a remote server, allowing whoever operates that server to control the phone. Quite simply, this is a serious concern for the Android community.
According to Lookout, when a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI).
At five minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.
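The check-in behaviour described above, a beacon to one of a fixed set of domains every five minutes, is what a defender would look for in proxy or DNS logs. The following is an added example, not code from the original article or from Lookout: it scans a web-proxy log for contacts with the five Geinimi domains the article names, and separately flags any client/host pair contacted at a steady five-minute period, which can surface the other five domains the page does not list. The log format ("timestamp client_ip host"), the jitter tolerance, the minimum-contact threshold and all sample lines are constructed for this example.

```python
"""Flag Geinimi-style beaconing in a web-proxy log.

Added example; not code from the original article or from Lookout.
The log format and every sample line below are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# The five C2 domains the article names. Lookout reported ten in total;
# the other five are not on the page, so they are not listed here.
GEINIMI_DOMAINS = frozenset({
    "www.widifu.com",
    "www.udaore.com",
    "www.frijd.com",
    "www.islpast.com",
    "www.piajesj.com",
})

BEACON_INTERVAL_S = 300   # the article: Geinimi checks in at five-minute intervals
TOLERANCE_S = 30          # assumed allowance for scheduling jitter
MIN_CONTACTS = 4          # assumed minimum hits before a pair is called periodic

# Constructed sample log. 10.0.0.12 beacons to a known Geinimi domain,
# 10.0.0.9 polls an unrelated host every five minutes, 10.0.0.7 browses normally.
SAMPLE_LOG = """\
2010-12-29T10:00:02 10.0.0.12 www.widifu.com
2010-12-29T10:00:40 10.0.0.7 www.google.com
2010-12-29T10:01:10 10.0.0.9 cdn.example.net
2010-12-29T10:03:00 10.0.0.7 www.google.com
2010-12-29T10:05:01 10.0.0.12 www.widifu.com
2010-12-29T10:06:11 10.0.0.9 cdn.example.net
2010-12-29T10:10:03 10.0.0.12 www.widifu.com
2010-12-29T10:11:09 10.0.0.9 cdn.example.net
2010-12-29T10:15:00 10.0.0.12 www.widifu.com
2010-12-29T10:16:12 10.0.0.9 cdn.example.net
2010-12-29T10:20:05 10.0.0.12 www.udaore.com
2010-12-29T10:21:10 10.0.0.9 cdn.example.net
2010-12-29T10:30:00 10.0.0.7 www.google.com
"""


def parse_log(text):
    """Return (timestamp, client, host) tuples, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, host = parts
        events.append((datetime.fromisoformat(ts), client, host.lower()))
    return events


def known_c2_contacts(events):
    """Map each client to the set of listed Geinimi domains it contacted (IOC match)."""
    hits = defaultdict(set)
    for _, client, host in events:
        if host in GEINIMI_DOMAINS:
            hits[client].add(host)
    return dict(hits)


def periodic_pairs(events, interval=BEACON_INTERVAL_S, tolerance=TOLERANCE_S,
                   min_contacts=MIN_CONTACTS):
    """Return (client, host, median_gap_s, n) for pairs contacted at a steady interval.

    This behavioural check does not depend on the domain list, so it can catch
    the C2 domains the article does not name. It is a heuristic: a legitimate
    poller with the same period will match too and needs triage.
    """
    by_pair = defaultdict(list)
    for ts, client, host in events:
        by_pair[(client, host)].append(ts)

    found = []
    for (client, host), stamps in by_pair.items():
        if len(stamps) < min_contacts:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        on_time = [g for g in gaps if abs(g - interval) <= tolerance]
        # require at least three quarters of the gaps to sit on the expected period
        if len(on_time) * 4 >= len(gaps) * 3:
            found.append((client, host, median(gaps), len(stamps)))
    return sorted(found)


def classify(events):
    """Combine both checks into sorted (client, host, verdict) findings."""
    findings = []
    for client, hosts in known_c2_contacts(events).items():
        for host in sorted(hosts):
            findings.append((client, host, "geinimi-c2"))
    for client, host, _, _ in periodic_pairs(events):
        if host not in GEINIMI_DOMAINS:
            findings.append((client, host, "periodic-unknown"))
    return sorted(findings)


if __name__ == "__main__":
    for client, host, verdict in classify(parse_log(SAMPLE_LOG)):
        print(f"{client:<10} {host:<18} {verdict}")
```

The exact-match check is the high-confidence signal; the periodicity check is deliberately kept separate because it will also fire on benign five-minute pollers (the constructed cdn.example.net client shows this), so those findings are labelled for triage rather than treated as infections.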
So far, Lookout has only observed Geinimi connecting to a live server and transmitting data; it has not observed a fully operational control server sending commands back to the Trojan. The only evidence of Geinimi remains in third-party Chinese app stores, and a user must enable the installation of apps from “Unknown sources” (better known as sideloading) before an infected app can be installed at all. No applications in the official Google Android Market have been affected.
The current list of applications that have been repackaged with the Geinimi Trojan and posted in Chinese app stores includes Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. Keep in mind that although the repackaged versions of these games distributed through third-party app stores may be affected, the original versions in the Google Android Market have not been.
Now it’s time to hear from you. What do you think about the Geinimi Trojan and the possibility of other Trojans affecting Android handsets? For now only users who sideload applications risk infection, but what if a Trojan finds its way into the official market?