Android Trojan with botnet capabilities found in the wild
Posted on 30.12.2010
A new, more sophisticated Trojan for Android devices has been spotted lurking on third-party Chinese Android app markets - the first ever piece of Android malware that has the capability to receive instructions from a remote server and thus become part of a botnet.

Dubbed "Geinimi", the Trojan is attached to (obviously compromised) versions of legitimate applications - mostly games such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

So far, it has only been spotted being distributed through third-party Chinese app stores. Versions of these applications on the official Google Android Market have not been compromised.

When the affected application is installed on the device, it requires the user to give more permissions than it would usually need. Geinimi then kicks into action, harvests the device's location coordinates, the IMEI and IMSI (unique identifiers for the device and the SIM card), and transmits that information to a remote server via a number of hard-coded domain names.

Until now, the server hasn't been spotted sending instructions to the Trojan, so its final purpose is not yet clear.

It is known, though, that it can download and prompt the user to install an app, prompt him to uninstall an app, and transmit a list of all the installed apps on the device to the aforementioned server.

Lookout's researchers say that Geinimi also uses obfuscation techniques to hide its activities, so it will be more difficult to spot.

But users in general should suspect their devices of being infected by mobile malware if the phone presents unusual behavior such as automatic SMS sending to unknown recipients, automatic phone calls, stealthy installation of unknown applications, etc.

An occasional check of outbound calls and SMSs and of installed applications should become a habit for users.
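The permission over-request described above can be checked before installing: compare the permissions a third-party copy of an app requests against those of the official build. The following is an added example, not code from Lookout or from the original article; it assumes permission listings in the style printed by `aapt dump permissions`, and the sample dumps, package name and permission-to-behavior mapping are constructed for illustration.

```python
import re

# Behaviors named in the article, mapped to the Android permissions that
# gate them (the mapping is this example's assumption, not Lookout's).
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location coordinates",
    "android.permission.ACCESS_COARSE_LOCATION": "location coordinates",
    "android.permission.READ_PHONE_STATE": "IMEI / IMSI",
    "android.permission.INTERNET": "contact with a remote server",
    "android.permission.SEND_SMS": "automatic SMS sending",
    "android.permission.CALL_PHONE": "automatic phone calls",
}

# Accepts both listing styles: "uses-permission: X" and "uses-permission: name='X'"
_PERM = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Extract the set of requested permissions from a permission listing."""
    perms = set()
    for line in dump.splitlines():
        m = _PERM.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def extra_permissions(reference_dump, candidate_dump):
    """Return {permission: reason} for permissions only the candidate requests."""
    added = parse_permissions(candidate_dump) - parse_permissions(reference_dump)
    return {p: SENSITIVE.get(p, "not in reference build") for p in sorted(added)}

# Constructed sample listings: official build vs. third-party copy.
REFERENCE = """package: com.example.game
uses-permission: android.permission.INTERNET
uses-permission: android.permission.VIBRATE
"""
CANDIDATE = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.SEND_SMS'
"""

if __name__ == "__main__":
    for perm, why in extra_permissions(REFERENCE, CANDIDATE).items():
        print(f"{perm}: {why}")
```

A permission that appears only in the third-party copy is a reason to investigate the package, not proof of infection.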






Copyright 1998-2014 by Help Net Security.