Mobile security firm Lookout today sounded the alarm on a new Trojan that apparently is affecting Android devices in China. It's called "Geinimi" and is piggybacking on known legitimate apps, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.
What havoc can it wreak? Says Lookout:
The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.
You're probably going to have to go way, way out of your way for this to be a problem, though. REPEAT: We're not overly worried about this. You have to download and sideload an infected app through Chinese app stores. So unless you're doing that, you should be cool.
That said, Lookout notes that Geinimi "did substantially increase the level of effort required to analyze the malware" and that it's updated its app to protect against the threat. So if you're running it, you're cool. [Lookout]
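If you keep DNS logs for a network that Android devices join, the five-minute check-in Lookout describes is something you can look for. The sketch below is an added example, not Lookout's code: the log format, the jitter tolerance and the two-interval threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime

# The five domains named in the Lookout quote (the other five are not on this page).
GEINIMI_DOMAINS = {"www.widifu.com", "www.udaore.com", "www.frijd.com",
                   "www.islpast.com", "www.piajesj.com"}
BEACON_SECONDS = 300   # "five-minute intervals" per the quote
TOLERANCE = 30         # assumed jitter allowance, in seconds
MIN_INTERVALS = 2      # assumed: regular gaps needed before calling it beaconing

# Constructed sample log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2010-12-30T10:00:02 10.0.0.21 www.widifu.com
2010-12-30T10:01:40 10.0.0.35 www.example.org
2010-12-30T10:05:04 10.0.0.21 www.udaore.com
2010-12-30T10:07:15 10.0.0.35 WWW.FRIJD.COM.
2010-12-30T10:10:01 10.0.0.21 www.widifu.com
2010-12-30T10:15:03 10.0.0.21 www.frijd.com
malformed line
"""

def parse(line):
    """Return (time, client, normalized name) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2].rstrip(".").lower()

def triage(log_text):
    """Map each client that queried a listed domain to 'beaconing' or 'contact-only'."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, log_text.splitlines())):
        if rec[2] in GEINIMI_DOMAINS:
            hits[rec[1]].append(rec[0])
    verdicts = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        regular = sum(abs(g - BEACON_SECONDS) <= TOLERANCE for g in gaps)
        verdicts[client] = "beaconing" if regular >= MIN_INTERVALS else "contact-only"
    return verdicts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Gaps are measured across all listed domains per client, since the quote says each attempt uses one of the embedded names rather than a fixed one.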