Android Trojan with botnet capabilities found in the wild
Posted on 30.12.2010
A new, more sophisticated Trojan for Android devices has been spotted lurking on third-party Chinese Android app markets - the first ever piece of Android malware that has the capability to receive instructions from a remote server and thus become part of a botnet.

Dubbed "Geinimi", the Trojan is attached to (obviously compromised) versions of legitimate applications - mostly games such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

So far, it has only been spotted being distributed through third-party Chinese app stores. Versions of these applications on the official Google Android Market have not been compromised.

When the affected application is installed on the device, it requires the user to give more permissions than it would usually need. Geinimi then kicks into action, harvests the device's location coordinates, the IMEI and IMSI (unique identifiers for the device and the SIM card), and transmits that information to a remote server via a number of hard-coded domain names.

Until now, the server hasn't been spotted sending instructions to the Trojan, so its final purpose is not yet clear.

It is known, though, that it can download and prompt the user to install an app, prompt him to uninstall an app, and transmit a list of all the installed apps on the device to the aforementioned server.

Lookout's researchers say that Geinimi also uses obfuscation techniques to hide its activities, so it will be more difficult to spot.

But users in general should suspect their devices of being infected by mobile malware if the phone presents unusual behavior such as automatic SMS sending to unknown recipients, automatic phone calls, stealthy installation of unknown applications, etc.

An occasional check of outbound calls and SMSs and of installed applications should become a habit for users.
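One way to check an installed or downloaded copy for the extra permissions described above is to compare its permission list against the official release. The script below is an added example, not part of the original article: it assumes both lists were saved from `aapt dump permissions <apk>`, the sample dumps and the package name are constructed, and the set of sensitive permissions is this example's own mapping to the data and behaviors the article mentions, not a list of what Geinimi requests.

```python
import re

# Matches both aapt output styles (assumed formats):
#   uses-permission: android.permission.INTERNET
#   uses-permission: name='android.permission.INTERNET'
_PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

# Example mapping (not from the article): permissions that gate the data the
# article says is harvested, or the behaviors it tells users to watch for.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location coordinates",
    "android.permission.ACCESS_COARSE_LOCATION": "location coordinates",
    "android.permission.READ_PHONE_STATE": "IMEI / IMSI",
    "android.permission.SEND_SMS": "sending SMS",
    "android.permission.CALL_PHONE": "placing calls",
    "android.permission.INSTALL_PACKAGES": "installing apps",
}

def parse_permissions(aapt_output):
    """Collect the permission names from an `aapt dump permissions` listing."""
    perms = set()
    for line in aapt_output.splitlines():
        match = _PERM_RE.match(line)
        if match:
            perms.add(match.group(1))
    return perms

def extra_permissions(official_dump, suspect_dump):
    """Map each permission only the suspect copy requests to why it matters (or None)."""
    extra = parse_permissions(suspect_dump) - parse_permissions(official_dump)
    return {perm: SENSITIVE.get(perm) for perm in sorted(extra)}

# Constructed sample dumps for a hypothetical game, one per aapt output style.
OFFICIAL = """package: com.example.game
uses-permission: android.permission.INTERNET
uses-permission: android.permission.VIBRATE
"""
SUSPECT = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.SEND_SMS'
"""

if __name__ == "__main__":
    for perm, why in extra_permissions(OFFICIAL, SUSPECT).items():
        print(("!! " if why else "   ") + perm + (f"  ({why})" if why else ""))
```

A repackaged copy that requests nothing beyond the official release produces an empty result, so the check is a triage aid rather than proof that an app is clean.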






Copyright 1998-2014 by Help Net Security.