Tuesday, October 21, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Is Rolling Out First New Windows 10 Preview Build
Yahoo Reports High Revenue and Profit
New Samsung Galaxy S5 'Plus' Released With Faster Processor
Google, Facebook And Comcast Spend The Most On Lobbying
Google Play Music App To Follow Your Mood
Login To Google Using A USB Security Key
Toshiba Debuts New 2-in-1 Convertible PC with a 360-Degree Design
Acer Leads The Growing Chromebook Market
Active Discussions
Copied dvd's say blank in computer only
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
 Home > News > Mobiles > Geinimi...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, December 31, 2010
Geinimi Android Trojan Found China


A new Trojan affecting Android devices has recently emerged in China. Dubbed "Geinimi" based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user?s phone and send it to remote servers, security researchers said on Thursday.

Anti-virus firm Lookout Mobile Security said that Geinimi is the most sophisticated Android malware so far and also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user?s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

Geinimi is effectively being "grafted" onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets, the reserachers said. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn?t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.

How it works:

When a host application containing Geinimi is launched on a user?s phone, the Trojan runs in the background and collects significant information that can compromise a user?s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.

Though Lookout Mobile Security has seen Geinimi communicate with a live server and transmit device data, the security firm has yet to observe a fully operational control server sending commands back to the Trojan. The analysis of Geinimi?s code is ongoing and the reserachers have already evidence of the following capabilities:

* Send location coordinates (fine location)
* Send device identifiers (IMEI and IMSI)
* Download and prompt the user to install an app
* Prompt the user to uninstall an app
* Enumerate and send a list of installed apps to the server

While Geinimi can remotely initiate an app to be downloaded or uninstalled on a phone, a user still needs to confirm the installation or uninstallation.

"Geinimi?s author(s) have raised the sophistication bar significantly over and above previously observed Android malware by employing techniques to obfuscate its activities. In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted. While the techniques were easily identified and failed to thwart analysis, they did substantially increase the level of effort required to analyze the malware. The Lookout Security team is continuing to analyze capabilities of new and existing Geinimi variants and will provide more information as we uncover it," teh security experts said.

Currently Geinimi is distributed through third-party Chinese app stores. To download an app from a third-party app store, Android users need to enable the installation of apps from "Unknown sources" (often called "sideloading"). Geinimi could be packaged into applications for Android phones in other geographic regions. Lookout Mobile Security has not seen any applications compromised by the Geinimi Trojan in the official Google Android Market.

There are a number of applications?typically games? seen repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. It is important to remember that even though there are instances of the games repackaged with the Trojan, the original versions available in the official Google Android Market have not been affected.

Lookout has already delivered an update for its Android users to protect them against known instances of the Trojan.

How to Stay Safe:

* Only download applications from trusted sources, such as reputable application markets. Remember to look at the developer name, reviews, and star ratings.
* Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
* Be aware that unusual behavior on your phone could be a sign that your phone is infected. Unusual behaviors include: unknown applications being installed without your knowledge, SMS messages being automatically sent to unknown recipients, or phone calls automatically being placed without you initiating them.
* Download a mobile security app for your phone that scans every app you download.


Previous
Next
Facebook Tops Google As Most Visited Site in U.S.        All News        NOOK Line of eReading Devices Becomes Barnes & Noble?s Biggest Bestseller
Samsung Sells Its 10 Millionth Galaxy S Smartphone     Mobiles News      4G Smartphones To Debut at CES 2011

Get RSS feed Easy Print E-Mail this Message

Related News
Google Announces New Android Lollipop, Nexus 6 Smartphone, Nexus 9 Tablet And Nexus Player Streamer
Android L To Support Encryption By Default
First Low-cost Android One Phone Unveiled
First Android Apps Coming to Chromebooks
Android Gaming Consoles on the Horizon
Your Android Phone Is Telling the World Where You've Been
Selfmite SMS Worm Attacks Android Devices
Android, Windows Phones To Feature Kill Switches
Google To Enter The Living Room Battle With Android TV
Android Silver Devices Coming Next Year: report
Law Firm Files Antitrust Class-action Lawsuit Against Google
Apple Remains Top Smartphone Maker In February, Yahoo Expands Mobile Audience Reach

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .