Lookout: Android Trojan with botnet capabilities
To the dismay of Android users, it appears that the Google operating system has fallen victim to an external threat. Recently it has been discovered by sercurity-app maker Lookout, that an Android-specific Trojan is lurking around waiting to take advantage of unsuspecting downloaders. It’s called Geinimi and this Trojan was developed just for Android devices to compromise your personal phone data and allow remote servers to take control of your system.
The Trojan apparently popped-up out of China and was spread via fake versions of Android applications that are advertised as third-party apps. The apps that seem to have been targeted by Geinimi are mostly gaming applications that are posted in Chinese app stores, they include, Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and baseball Superstars 2010.
The word going around is that it steals your personal data and it is showing signs of “botnet-like capabilities.” After the user unintentionally opens the malicious application containing Geinimi, it starts to collect data, including, location coordinates and identifiers for the device (IMEI) and SIM card (IMSI). It then connects to a remote, a subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it succeeds in connecting, Geinimi transmits the collected device information to the remote server. Once connected to the remote it can download and prompt the user to install apps, prompt the user to uninstall apps and also count and send a list of installed applications to the server, all with minimal detection from the user.
The best way to keep your system safe from this threat is prevention, meaning only download from the official Android Marketplace as it has yet to be comprimised, or if you insist on third-party applications, make sure that you read the publishers information and review the ratings prior to installation.
[Android Police via Lookout]