Trojan Grabs Private Information from Android Devices
By Jennifer LeClaire / NewsFactor Network
PUBLISHED: DECEMBER 30, 2010

A new Trojan is targeting Android devices. Known in security circles as Geinimi, the Trojan is powerful enough to compromise the personal data on a user's smartphone and send it to remote servers.

So says Lookout Mobile Security. In fact, the firm said the new Trojan is the most sophisticated Android malware its security researchers have seen to date. What's more, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. That means once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

"Geinimi is effectively being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets," the company wrote in a blog post. "The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions."

Apple's Advantage

Lookout said the Trojan's intent isn't entirely clear, but the possibilities range from a malicious ad network to an attempt to create an Android botnet.

Here's how it works: When a host application containing Geinimi is launched on a user's phone, the Trojan runs in the background and collects information that can compromise a user's privacy, Lookout said. That includes location coordinates and unique identifiers for both the device and SIM card. At five-minute intervals, Lookout explains, Geinimi attempts to connect to a remote server using one of 10 embedded domain names. If it connects, Geinimi transmits collected information to the remote server.
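The check-in pattern described above (a fixed five-minute interval, rotating through a small pool of domains) can be looked for in DNS or proxy logs. The following Python sketch is an added example, not code from Lookout or from the article; the log format, client names, and `.example` domains are constructed, and it assumes the log has already been filtered to lookups for domains not on an allow-list.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample DNS log lines: "ISO-timestamp client-id queried-domain".
# Domains use the reserved .example TLD; they are not Geinimi's real domains.
SAMPLE_LOG = """\
2010-12-30T10:00:02 phone-a c2-one.example
2010-12-30T10:05:01 phone-a c2-two.example
2010-12-30T10:10:03 phone-a c2-one.example
2010-12-30T10:15:02 phone-a c2-three.example
2010-12-30T10:20:04 phone-a c2-two.example
2010-12-30T10:01:10 phone-b news.example
2010-12-30T10:02:45 phone-b mail.example
2010-12-30T10:19:30 phone-b news.example
2010-12-30T10:21:05 phone-b maps.example
"""

def find_beacons(log_text, period=300, tolerance=15, min_events=4, max_domains=10):
    """Return {client: sorted domains} for clients whose lookups recur every
    `period` seconds (+/- tolerance) across a small pool of domains."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, domain = parts
        events[client].append((datetime.fromisoformat(ts), domain))

    flagged = {}
    for client, rows in events.items():
        rows.sort()
        if len(rows) < min_events:
            continue  # too few lookups to judge periodicity
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        regular = sum(abs(g - period) <= tolerance for g in gaps)
        domains = {d for _, d in rows}
        # Most gaps sit near the period, the median gap is centred on it,
        # and the pool of domains contacted stays small.
        if (regular / len(gaps) >= 0.8
                and abs(median(gaps) - period) <= tolerance
                and len(domains) <= max_domains):
            flagged[client] = sorted(domains)
    return flagged
```

The default `period` and `max_domains` mirror the five-minute interval and 10 embedded domains Lookout reported; the tolerance and the 80% regularity threshold are assumptions to tune against real traffic.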

"This is unlikely to affect end users in the U.S. You have to go to a third-party site and enable and install third-party applications outside the marketplace. But it underscores the Wild West nature that is the Android platform," said Michael Gartenberg, an analyst at Gartner.

"Something like this would be virtually impossible on an iPhone. There's no easy way of installing applications on the iPhone that didn't come from the marketplace unless you are willing to go through hoops to try to jailbreak it. This underscores Apple's position of maintaining end-to-end control, and the reason for doing so is that iPhone users don't have to worry about these types of things."

Protecting Your Phone

The good news for Android users is that Lookout said the only evidence so far is of Geinimi being distributed through third-party Chinese app stores. To download an app from a third-party app store, Android users need to enable the installation of apps from "unknown sources." Although Geinimi could be packaged into applications for Android phones in other geographic regions, Lookout has not seen any applications compromised by the Geinimi Trojan in the official Google Android Market.

"There are a number of applications -- typically games -- we have seen repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs Aliens, City Defense, and Baseball Superstars 2010," Lookout said. "It is important to remember that even though there are instances of the games repackaged with the Trojan, the original versions available in the official Google Android Market have not been affected."

Lookout said Android users can stay safe by only downloading applications from trusted sources, such as reputable application markets, by always checking the permissions an app requests, by being aware of unusual behavior on the phone, and by downloading a mobile security app.
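Lookout's observation that the repackaged apps request permissions beyond those of the legitimate originals, and its advice to check what an app requests, can be turned into an automated comparison of two decoded manifests. This Python sketch is an added example, not Lookout's tooling; the manifests and package name are constructed, and the mapping of "location and device/SIM identifiers" to specific Android permissions is the editor's assumption.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
P = "android.permission."

# Assumed mapping: permissions that gate the data the article says is
# collected (location coordinates, device and SIM identifiers).
SENSITIVE = {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
             P + "READ_PHONE_STATE"}

def manifest(*perms):
    """Build a constructed, decoded AndroidManifest.xml for a hypothetical game."""
    rows = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.game">{rows}</manifest>')

# Constructed samples: the market original and a repackaged copy.
ORIGINAL = manifest("INTERNET", "VIBRATE")
REPACKAGED = manifest("INTERNET", "VIBRATE", "ACCESS_FINE_LOCATION",
                      "READ_PHONE_STATE", "WRITE_EXTERNAL_STORAGE")

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(NAME) for tag in tags for el in root.iter(tag) if el.get(NAME)}

def permission_drift(original_xml, candidate_xml):
    """List permissions the candidate requests that the original does not,
    and which of those fall in the SENSITIVE set."""
    added = requested_permissions(candidate_xml) - requested_permissions(original_xml)
    return {"added": sorted(added), "sensitive": sorted(added & SENSITIVE)}
```

Any non-empty `added` list for an app that claims to be the same title is worth a manual look; entries under `sensitive` match the kind of data the article says was sent to remote servers.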
