Lookout for “Geinimi” trojan

A new security threat to Android emerging out of China has made its way into the news tonight. Mobile security outfit Lookout has put out some information on a Trojan being called “Geinimi.” According to Lookout, Geinimi “can compromise a significant amount of personal data on a user’s phone and send it to remote servers.” More specifically:

…it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.

Our analysis of Geinimi’s code is ongoing but we have evidence of the following capabilities:

- Send location coordinates (fine location)
- Send device identifiers (IMEI and IMSI)
- Download and prompt the user to install an app
- Prompt the user to uninstall an app
- Enumerate and send a list of installed apps to the server

Fortunately for most readers, Lookout says that those affected must have downloaded an infected app from a third-party Chinese app store and manually installed it on their device. Just in case you did download Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense, or Baseball Superstars 2010, Lookout has a fix at the ready. Stay tuned for more information on Geinimi as it’s made available. Until then, be cautious about what you download.
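
As an added example (not from Lookout or the original post), the beaconing behaviour quoted above can be hunted in DNS or proxy logs: flag any client that resolves one of the five named domains, then check whether its lookups recur roughly every five minutes. The log format, the 30-second tolerance and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# The five domains named in Lookout's write-up (the other five are not on this page).
GEINIMI_DOMAINS = {"www.widifu.com", "www.udaore.com", "www.frijd.com",
                   "www.islpast.com", "www.piajesj.com"}
BEACON_SECONDS = 300   # "at five minute intervals"
TOLERANCE = 30         # assumed jitter allowance, in seconds

# Constructed sample log (assumed format: ISO timestamp, client IP, queried name).
SAMPLE_LOG = """\
2011-01-01T10:00:02 10.0.0.15 www.widifu.com
2011-01-01T10:01:10 10.0.0.22 www.example.org
2011-01-01T10:05:03 10.0.0.15 www.udaore.com
2011-01-01T10:07:45 10.0.0.31 www.frijd.com
2011-01-01T10:10:01 10.0.0.15 WWW.FRIJD.COM.
2011-01-01T10:15:04 10.0.0.15 www.widifu.com
2011-01-01T11:30:00 10.0.0.31 www.frijd.com
"""

def parse(log_text):
    """Yield (timestamp, client, normalized name) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the scan
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].rstrip(".").lower()

def find_geinimi_clients(log_text):
    """Return {client: verdict} for clients that queried a listed domain."""
    hits = defaultdict(list)
    for ts, client, name in parse(log_text):
        if name in GEINIMI_DOMAINS:
            hits[client].append(ts)
    verdicts = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = sum(abs(g - BEACON_SECONDS) <= TOLERANCE for g in gaps)
        # Two or more ~5-minute gaps means the lookups recur on the beacon schedule.
        verdicts[client] = "beaconing" if periodic >= 2 else "contacted"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(find_geinimi_clients(SAMPLE_LOG).items()):
        print(client, verdict)
```

A "contacted" verdict still warrants a look at the device; "beaconing" means the lookups match the five-minute schedule Lookout describes.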

Via Lookout, by way of Android Central
