New Android Trojan horse could prove costly

Evil AndroidSome vendors are calling it HongTouTou, others have named it Adrd, and Sophos (rather unimaginatively in my view!) treats it as a variant of Geinimi, but whatever your anti-virus product chooses to call it, there’s no denying that a new Trojan horse for Android smartphones is making headlines.

The latest Trojan horse for Google’s Android operating system has been seen posing in Chinese third-party app stores as legitimate programs such as Wallpaper apps.

The official Android Market, run by Google, does not appear to be carrying the malicious apps – but if you go “off-road” and choose to install software on your smartphone from elsewhere on the net, then you could be putting your device at risk.

Android application settingsFor this reason, the vast majority of Android users probably have little to fear. But those who do install applications from unknown sources (known as “sideloading”) do need to recognise that they might be putting their smartphone, data and potentially finances in danger.

Once installed, the malicious application can not only gather information about your smartphone (the device’s IMEI and IMSI), but it can also emulate clicks on particular search results – giving the visited websites the impression that it is a real mobile phone user choosing to visit their pages.

The assumption has to be that those behind the Trojan horse might be earning commission through the click traffic. Furthermore, of course, it could hurt you in your pocket by eating up data bandwidth.

Interestingly, the malicious code appears to have the ability to download updates for itself via the web, which could contain additional functionality.

Sophos has been detecting the Trojan as a variant of Troj/Geinimi-A since 00:15 BST on 15 February 2011.

For more information about the Trojan, check out the blog entry from the mobile security researchers at Lookout.