Geinimi Android Trojan horse discovered

Filed Under: Android, Google, Malware, Mobile

There has been something of a sting in the tail of the year for lovers of the Android mobile operating system, as researchers have uncovered a new Trojan horse.

The Troj/Geinimi-A malware (also referred to as "Gemini") has been seen bundled into repackaged versions of various legitimate applications and games. Once installed, it attempts to steal data from the device and may contact remote URLs.
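Because Geinimi travels inside repackaged copies of otherwise legitimate apps, the practical triage check is to compare a suspect package against the copy obtained from the official store. An APK is a ZIP archive, so added, removed or altered entries (and a changed signing block under META-INF/) show up with a plain content diff. The script below is an added example, not code from the original post or from Sophos or Lookout; the two archives it compares are constructed in memory to stand in for an original game and a hypothetical trojanised repackage, and their entry names and contents are illustrative only, not taken from any real Geinimi sample.

```python
"""Spot a repackaged APK by diffing its ZIP entries against the original.

Added example. The "original" and "suspect" archives are constructed test
data, not real Android packages or Geinimi samples; entry names are
illustrative. The technique (hash every entry, report what changed, treat
a re-signed META-INF/ as its own red flag) is generic APK triage.
"""
import hashlib
import io
import zipfile


def entry_hashes(apk_bytes: bytes) -> dict:
    """Map every file entry in the APK (a ZIP) to the SHA-256 of its content."""
    hashes = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            hashes[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return hashes


def diff_apks(original: bytes, suspect: bytes) -> dict:
    """Return entries added, removed and modified in `suspect` vs `original`.

    Signature files under META-INF/ are reported separately as "resigned":
    anyone who modifies an APK has to sign it again, so a changed signing
    block is expected in a repackage and is itself worth flagging when the
    original came from a different developer.
    """
    orig = entry_hashes(original)
    susp = entry_hashes(suspect)
    added = sorted(set(susp) - set(orig))
    removed = sorted(set(orig) - set(susp))
    modified = sorted(n for n in set(orig) & set(susp) if orig[n] != susp[n])
    is_sig = lambda n: n.startswith("META-INF/")
    return {
        "added": [n for n in added if not is_sig(n)],
        "removed": [n for n in removed if not is_sig(n)],
        "modified": [n for n in modified if not is_sig(n)],
        "resigned": [n for n in added + removed + modified if is_sig(n)],
    }


def verdict(report: dict) -> bool:
    """True when the suspect differs from the original in any non-signature entry."""
    return bool(report["added"] or report["removed"] or report["modified"])


def build_apk(entries: dict) -> bytes:
    """Build an in-memory ZIP from {name: content}. Constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: the copy from the official store ...
ORIGINAL_APK = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.game'/>",
    "classes.dex": b"dex\n035\x00original game code",
    "res/drawable/icon.png": b"\x89PNG original icon",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.RSA": b"developer signing block",
})

# ... and a hypothetical repackage: manifest and dex altered, an extra asset
# added, and the whole thing re-signed by whoever repackaged it.
SUSPECT_APK = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.game'/> + extra permissions",
    "classes.dex": b"dex\n035\x00original game code + injected code",
    "res/drawable/icon.png": b"\x89PNG original icon",
    "assets/extra.bin": b"payload shipped alongside the game",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nmodified\n",
    "META-INF/CERT.RSA": b"repackager signing block",
})


if __name__ == "__main__":
    report = diff_apks(ORIGINAL_APK, SUSPECT_APK)
    for key, names in report.items():
        print(f"{key}: {names}")
    print("repackaged:", verdict(report))
```

The diff only tells you that the two packages differ, not which one is trustworthy, so the reference copy must come from the official store (or from the developer's own signed release). In a real triage the next step is to look at what changed: extra permissions in the manifest and new code in classes.dex are the typical footprint of a trojanised repackage.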

Although some media reports have portrayed Geinimi as the first ever malware for the Google Android operating system, this isn't correct. For instance, banking malware has previously been found in the Android Market, security researchers have demonstrated spyware rootkits for Android devices, and users have been warned about Russian Trojans that send SMS text messages to premium-rate numbers.

In the case of the Geinimi malware, the good news is that it appears not to have made it into the official Android Market app store, meaning that you would only have been putting yourself at risk if you installed poisoned software from an unofficial source. Researchers at mobile security firm Lookout say they have only seen the malware on unofficial Chinese app stores.

And you have to deliberately enable the "Unknown sources" option in your Android smartphone's settings before it will install software from anywhere other than the official Market at all.

So, the sky is not falling, and it's not the end of the world as we know it if you love all things Android. But Android users should still be sensible about security.

Android is a much more "open" operating system than the Apple iOS used on iPhones and iPads, and Android users don't have to jump through as many hoops to install applications that have not been made "officially" available.

And, it shouldn't be forgotten that not all attacks are OS-specific. Phishing attacks, for instance, don't care what operating system you're running; they just rely on you not taking enough care about the link you are clicking on (something that's pretty easy to do when you have a small screen on which to view a, perhaps, long URL).

And increasingly we are seeing examples of threats which exist only "within the browser" or spread entirely inside a social network, never touching your smartphone's operating system.

So there are dangers out there whatever kind of browsing device you are using: desktop or laptop, mobile or tablet.

Sophos products can detect samples of the Geinimi Trojan we have seen to date as Troj/Geinimi-A.

Image source: Laihiu's Flickr photostream. (Creative Commons)


2 Responses to Geinimi Android Trojan horse discovered

  1. Hi Graham,

    Wish You a Very Happy and Prosperous New year.
    I would like to know if there is any app design in progress for Android-based smartphones in the market at the moment from Sophos.

    Being a security provider and reducing the risk, we expect an app from Sophos, as other security vendors have already made.

    Regards,
    Vivek

    • Hi Vivek. No announcements have been made regarding a Sophos product for Android yet - but I'm sure we won't keep quiet about it once there's something to say. :)

      Oh, and a happy new wotsit to you too.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.