New Android Trojan horse could prove costly

Some vendors are calling it HongTouTou, others have named it Adrd, and Sophos (rather unimaginatively in my view!) treats it as a variant of Geinimi, but whatever your anti-virus product chooses to call it, there's no denying that a new Trojan horse for Android smartphones is making headlines.

The latest Trojan horse for Google's Android operating system has been seen posing in Chinese third-party app stores as legitimate programs such as Wallpaper apps.

The official Android Market, run by Google, does not appear to be carrying the malicious apps - but if you go "off-road" and choose to install software on your smartphone from elsewhere on the net, then you could be putting your device at risk.

For this reason, the vast majority of Android users probably have little to fear. But those who do install applications from unknown sources (known as "sideloading") do need to recognise that they might be putting their smartphone, data and potentially finances in danger.

Once installed, the malicious application can not only gather information about your smartphone (the device's IMEI and IMSI), but it can also emulate clicks on particular search results - giving the visited websites the impression that it is a real mobile phone user choosing to visit their pages.

The assumption has to be that those behind the Trojan horse might be earning commission through the click traffic. Furthermore, of course, it could hurt you in your pocket by eating up data bandwidth.

Interestingly, the malicious code appears to have the ability to download updates for itself via the web, which could contain additional functionality.

Sophos has been detecting the Trojan as a variant of Troj/Geinimi-A since 00:15 BST on 15 February 2011.

For more information about the Trojan, check out the blog entry from the mobile security researchers at Lookout.

7 Responses to New Android Trojan horse could prove costly

  1. iadvize · 1690 days ago

    Whatever it is called, I call it annoying. More than likely I will be one of those with an issue. That would be just my luck. Interesting bit of work that, that it can connect to the internet all on its own.

  2. Please which website can I get applications that are from a trusted and tested version?

    • I think you're asking where you should go for "Approved" apps.

      The answer is the iTunes Store if you have an Apple iPhone, and the official Android Market if you have an Android smartphone.

      Of course, just because something comes from the official store doesn't necessarily mean that it's safe.

      For instance,

      • Mike · 1688 days ago

        There were several talks at Shmoocon that covered the whole "if it comes from the Android Market, it's safe" thinking. Definitely Apple has a stricter, and as a result, a safer market than Android. I hope Google does something about it. Check out the talks by [Georgia Weidman] and [Jon Oberheide and Zach Lanier] at Shmoocon.

  3. Is Sophos planning on entering the mobile security market? I feel naked out there on my Droid... If not, what mobile security product(s) do you recommend?

  4. Yes, you can read the official announcement here:

  5. As smart phones are used more for work, and with the increase of mobile transactions, criminals are obviously moving to target vulnerabilities for example with fake apps. Until the appropriate solution is developed business users need to be educated as to the potential vulnerabilities of accessing confidential information from their mobiles.

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley