Spreads via third-party Chinese App Stores packaged in games and other apps
The Geinimi Trojan is "grafted" onto repackaged apps, mostly games, that are distributed through third-party Chinese app stores. Once a Trojan-packaged app is downloaded, it asks the Android phone user for a larger set of permissions than the app should need. The Trojan then collects information about the phone and sends data to a remote server, performing the following activities:
- Send location coordinates (fine location)
- Send device identifiers (IMEI and IMSI)
- Download and prompt the user to install an app
- Prompt the user to uninstall an app
- Enumerate and send a list of installed apps to the server
All this data is sent to a command-and-control server, and the malware can contact multiple domains. However, Lookout has yet to determine the true purpose of the Geinimi Trojan. Because the malware can connect to several domains and receive instructions from the remote server, Lookout described its operation as very botnet-like.
Though the Trojan spreads only through third-party Chinese app stores, all Android phone users should resist downloading apps from untrusted sources. Always read the permissions an app requests and grant only those it genuinely needs. If the phone shows any unusual behavior, install a mobile security app and have the device checked.
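The advice to compare an app's requested permissions against what it actually needs can be turned into a simple triage check. The following is an added example, not code from Lookout or from the original post: it reads a decoded AndroidManifest.xml (as produced by a tool such as apktool), lists the permissions declared beyond a reviewer-supplied baseline for the app's category, and flags the combination the post describes (a network channel plus location or device identifiers). The sample manifest, the "puzzle game" package name and the expected-permission baseline are constructed for illustration; the risk labels in SENSITIVE are the example's own annotations.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that, taken together, match the profile the post describes:
# a network channel plus access to location and device identifiers.
# The labels are this example's own annotations, not Android documentation.
SENSITIVE: Dict[str, str] = {
    "android.permission.ACCESS_FINE_LOCATION": "fine location (GPS)",
    "android.permission.ACCESS_COARSE_LOCATION": "coarse location",
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI/IMSI)",
    "android.permission.INTERNET": "network access to remote servers",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start at boot",
    "android.permission.SEND_SMS": "send SMS",
}

LOCATION = {"android.permission.ACCESS_FINE_LOCATION",
            "android.permission.ACCESS_COARSE_LOCATION"}
IDENTIFIERS = {"android.permission.READ_PHONE_STATE"}
NETWORK = {"android.permission.INTERNET"}

# Constructed sample: a decoded manifest for a hypothetical puzzle game
# (not a real Geinimi sample) that asks for far more than a game needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Puzzle Game"/>
</manifest>
"""

# Constructed baseline: what a simple ad-supported game legitimately needs.
EXPECTED_GAME = {"android.permission.INTERNET", "android.permission.VIBRATE"}


def declared_permissions(manifest_xml: str) -> Set[str]:
    """Return every <uses-permission android:name=...> declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get("{%s}name" % ANDROID_NS) for el in root.iter("uses-permission")}
    names.discard(None)  # ignore malformed entries without a name attribute
    return names


def excess_permissions(manifest_xml: str, expected: Iterable[str]) -> Set[str]:
    """Permissions declared beyond the baseline the app's category justifies."""
    return declared_permissions(manifest_xml) - set(expected)


def triage(manifest_xml: str, expected: Iterable[str]) -> Dict[str, object]:
    """Summarise the excess and flag the location/identifier-plus-network profile."""
    declared = declared_permissions(manifest_xml)
    excess = declared - set(expected)
    flagged = {p: SENSITIVE[p] for p in sorted(excess) if p in SENSITIVE}
    # The profile from the post: something to send data over, plus something worth sending.
    exfil_profile = bool(declared & NETWORK) and bool(excess & (LOCATION | IDENTIFIERS))
    return {"excess": excess, "flagged": flagged, "exfil_profile": exfil_profile}


if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST, EXPECTED_GAME)
    for perm, why in report["flagged"].items():
        print("unexpected: %s (%s)" % (perm, why))
    print("exfiltration profile:", report["exfil_profile"])
```

The check is deliberately a heuristic: a legitimate location-based game would trip it too, which is the point of the advice in the post. The output is a prompt for the reviewer to ask why a game needs the phone's IMEI, not a verdict on its own.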