Security Alert: Geinimi, Sophisticated New Android Trojan Found in Wild
A new Trojan (“Geinimi”) affecting Android devices has recently emerged in China
- can compromise a significant amount of personal data on a user’s phone and send it to remote servers
- the first Android malware in the wild that displays botnet-like capabilities
- being “grafted” onto repackaged versions of legitimate applications
- it has the potential to receive commands from a remote server that allow the owner of that server to control the phone
- the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet
So why am I writing about this malware, when I don't even own a smartphone? Because the article was written by my son, Tim.
Back in July (http://strazzere.blogspot.com/2010/07/go-west-young-man.html) I wrote about how Tim moved to California, and became part of the Security Response Team at Lookout in San Francisco.
As part of his work there, Tim found and reverse-engineered this malware, helped develop Lookout's protection for it, and created this writeup.
As we say in New England, Tim is Wicked Smaht and works Wicked Hahd.
And his Mom and Dad are Wicked Proud!
Back in July (http://strazzere.blogspot.com/2010/07/go-west-young-man.html) I wrote about how Tim moved to California, and became part of the Security Response Team at Lookout in San Francisco.
As part of his work there, Tim found and reverse-engineered this malware, helped develop Lookout's protection for it, and created this writeup.
As we say in New England, Tim is Wicked Smaht and works Wicked Hahd.
And his Mom and Dad are Wicked Proud!
see also:
http://www.securitynewsdaily.com/new-trojan-found-on-android-mobile-devices-0379/
http://www.zdnet.com/blog/google/android-malware-in-the-wild/2724
http://news.cnet.com/8301-1009_3-20026804-83.html
http://content.usatoday.com/communities/technologylive/post/2010/12/nasty-android-trojan-found-grafted-to-gaming-apps-/1
http://www.tgdaily.com/mobility-features/53287-trojan-can-take-over-android-phones
http://news.yahoo.com/s/mashable/20101230/tc_mashable/advanced_trojan_could_zombify_your_android_device
http://www.securitynewsdaily.com/new-trojan-found-on-android-mobile-devices-0379/
http://www.appleinsider.com/articles/10/12/29/new_android_malware_could_produce_chinese_botnet_harvest_personal_data.html
http://www.itespresso.es/un-nuevo-troyano-amenaza-a-los-terminales-android-48779.html
http://www.security.nl/artikel/35655/1/Eerste_Android_malware_met_botnet-eigenschappen.html
http://www.computerworld.ch/news/security/artikel/fieser-android-trojaner-im-anmarsch-55359/
http://mobile.slashdot.org/story/10/12/30/1856242/Android-Trojan-Found-Spreading-From-Chinese-App-Stores
According to Tim:
It's "Geinimi" not "Gemini", and pronounced "Ghay-knee-mē" - translates from Chinese to roughly "Give me rice"
And here's the followup teardown Tim wrote:
http://blog.mylookout.com/2011/01/geinimi-trojan-technical-analysis/
This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm currently a Director of Quality Assurance. I like to lead, to test, and occasionally to write about leading and testing. Find me at http://strazzere.blogspot.com/. |