New Android Trojan Emerges In China
California-based start-up Lookout Mobile Security said a new Trojan, dubbed "Geinimi", affecting Android devices has recently emerged in China and displays botnet-like capabilities. REUTERS

California-based start-up Lookout Mobile Security said a new Trojan, dubbed "Geinimi", affecting Android devices has recently emerged in China, capable of stealing a significant amount of personal data from a user's phone and sending it to remote servers.

The provider of smartphone protection software said once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

"The most sophisticated Android malware we've seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities," the company said in a blog post.

Lookout Mobile said though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.

Geinimi is effectively being “grafted” onto repackaged versions of legitimate applications, mainly games, and distributed in third-party Chinese Android app markets, the company said. These include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

Lookout said it has not seen any applications compromised by Geinimi in the official Google Android Market.

The company said it has already updated its Android users to protect them against known instances of the Trojan.

How it Works:

When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI).

At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits the collected device information to the remote server.
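The two behaviours described above, contact with a small set of embedded domains and a fixed five-minute beacon period, are what a network defender can look for. The following is an added example, not code from Reuters or from Lookout, that scans DNS resolver log lines for the five Geinimi domains the article names and flags a client whose queries recur at roughly five-minute intervals. The log line format, the sample lines, the 30-second jitter tolerance and the three-hit minimum are assumptions made for this example.

```python
"""Detect Geinimi-style C2 beaconing in DNS query logs.

Added example (not from the article or from Lookout): flags queries to the
C2 domains the article lists and checks whether one client's queries recur
at about the five-minute interval the article describes. The log format and
the sample lines below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime

# The subset of Geinimi C2 domains named in the article (the malware embeds ten).
GEINIMI_DOMAINS = {
    "www.widifu.com",
    "www.udaore.com",
    "www.frijd.com",
    "www.islpast.com",
    "www.piajesj.com",
}

BEACON_PERIOD_S = 300   # five-minute interval described in the article
TOLERANCE_S = 30        # assumed allowance for scheduler and network jitter
MIN_HITS = 3            # assumed minimum number of hits before calling it periodic

# Constructed resolver log lines: "<ISO timestamp> <client-ip> <queried-name>"
SAMPLE_LOG = """\
2010-12-30T10:00:02 10.0.0.15 www.google.com
2010-12-30T10:00:05 10.0.0.23 www.widifu.com
2010-12-30T10:02:11 10.0.0.15 www.reuters.com
2010-12-30T10:05:06 10.0.0.23 www.udaore.com
2010-12-30T10:07:40 10.0.0.15 www.frijd.com
2010-12-30T10:10:04 10.0.0.23 www.piajesj.com
2010-12-30T10:15:09 10.0.0.23 www.islpast.com
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, client, normalised name)."""
    ts, client, name = line.split()
    return datetime.fromisoformat(ts), client, name.lower().rstrip(".")


def find_c2_queries(log_text):
    """Return {client: [timestamps]} for every query to a known Geinimi domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, name = parse_line(line)
        if name in GEINIMI_DOMAINS:
            hits[client].append(ts)
    return dict(hits)


def is_periodic(timestamps, period=BEACON_PERIOD_S, tol=TOLERANCE_S, min_hits=MIN_HITS):
    """True when at least min_hits timestamps are all spaced about `period` seconds apart."""
    if len(timestamps) < min_hits:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    return all(abs(g - period) <= tol for g in gaps)


def assess(log_text):
    """Classify each client that touched a C2 domain as 'beaconing' or 'contact'."""
    verdicts = {}
    for client, stamps in find_c2_queries(log_text).items():
        verdicts[client] = "beaconing" if is_periodic(stamps) else "contact"
    return verdicts


if __name__ == "__main__":
    for client, verdict in assess(SAMPLE_LOG).items():
        print(f"{client}: {verdict}")
```

In the constructed sample, 10.0.0.23 queries a Geinimi domain at 10:00:05, 10:05:06, 10:10:04 and 10:15:09 (gaps of 301, 298 and 305 seconds) and is reported as beaconing, while 10.0.0.15 has a single hit and is reported only as a contact worth investigating. A single DNS lookup is enough to start an investigation; the periodicity check is what separates an installed Trojan calling home from an accidental visit.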