Android trojan

A week or so ago we warned everyone about the Geinimi trojan that's been spotted in the wilds of the Orient.  The threat level itself hasn't increased (as far as we know) if you aren't poking around Chinese Android fansites and downloading slightly questionable programs, so there's no need to ring the alarm and circle the wagons just yet.  Lookout has torn down the trojan itself and gives a great overview of what it does, and how it does it.  This isn't a primer to teach yourself trojan writing, it's standard practice among security firms to show how things are done and help find ways to prevent it in the future.  First, here's exactly what this trojan can do:

  • Read and collect SMS messages
  • Send and delete selected SMS messages
  • Pull all contact information and send it to a remote server (number, name, the time they were last contacted)
  • Place a phone call
  • Silently download files
  • Launch a web browser with a specific URL

Yikes.  Remember, this is so far a pretty isolated incident, and this isn't in any apps you can get from the Android Market.  In fact, so far it looks like it's confined to "warez" files, so it mirrors what you find on the internet when downloading questionable files for your computer.  Our advice -- stick to applications from someone you trust, and if you have a need to download random applications (we have to do it here all the time to check them out) find a method to scan them for malicious code.

Lookout breaks the code itself down, if your a developer or just curious be sure to have a look.  It's pretty sophisticated and a shame that the developer(s) don't put their effort into something a bit more productive.  Check the source link for all the details, including a .pdf file with a complete code breakdown. [Lookout] Thanks Cerena!

There are 5 comments

sookster54 says:

Why does it keep getting spelled "Geimini"?

And when you go to the market or install apps from another source, beware of the risks when you see "services that costs you money" and "read contact info" and similar permissions.

dethduck says:

I wouldn't be surprised if they freakin' created it themselves.
I trust these mobile antivirus makers about as much as these trojan carrying apps.
Funny how these are the same guys that conveniently found a virus at blackhat right as they released their own "service" on the market.

BlackHawkA4 says:

I like that theory. I never get any viruses on anything I use. Its a scam!

pattavino says:

Just wondering if that "trojan" can b used in a corporate situation where they would want to track employee use.

jm0 says:

Why do people always think everything is a conspiracy? All their doing is informing the public of malicious software and how to avoid it, NOT implanting chips in our brains.