Posted by: Robert Westervelt
mobile applications, mobile malware, mobile security
Users of Android smartphones in China could be infected with the Geinimi malware if they download mobile applications from third-party app markets.
Security researchers at mobile security firm Lookout Inc. have discovered a new Trojan designed to compromise smartphones running Google’s Android operating system.
The San Francisco-based firm is calling the new malware “Geinimi” and said it can steal personal data from the user’s phone and send it to remote servers. Lookout said Geinimi displays botnet-like capabilities: it can receive commands from a remote command-and-control server.
The good news is that so far infections are limited to users who download mobile applications distributed via third-party Chinese Android application markets. The malware is bundled into repackaged copies of certain games and still requires the user to install the application, Lookout said.
The trojanized applications request far more permissions than their legitimate original versions do. Though the intent behind this Trojan isn’t entirely clear, the possibilities range from a malicious ad network to an attempt to build an Android botnet.
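The permission gap between a legitimate application and a repackaged copy is the most concrete indicator the article offers, and it is something an analyst can measure. The example below is added here and is not Lookout’s tooling or any code from the original post: it assumes the two AndroidManifest.xml files have already been decoded to plain text XML (for example with `apktool` or `aapt`), since the manifest inside an APK is stored in binary XML. The two manifests are constructed for illustration, as are the package and receiver names; the sensitive-permission list is a judgment call, not an Android-defined category.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifests (not taken from any real sample): a minimal game
# and a repackaged copy of it that asks for far more than the game needs.
ORIGINAL_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Game"/>
</manifest>
"""

REPACKAGED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Game">
        <receiver android:name=".BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Permissions that enable data theft, tracking or persistence (analyst's choice,
# not an Android-defined grouping); used to rank what the repackaged copy added.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}


def package_name(manifest_xml):
    """Return the package attribute of the <manifest> element."""
    return ET.fromstring(manifest_xml).get("package")


def permissions(manifest_xml):
    """Return the set of android:name values on <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {el.get(name_attr) for el in root.iter("uses-permission")}


def permission_diff(original_xml, suspect_xml):
    """Compare a suspect manifest against the known-good original.

    A repackaged Trojan normally keeps the original package name (so it can
    pose as the same app) while adding permissions; both facts are reported.
    """
    orig, susp = permissions(original_xml), permissions(suspect_xml)
    added = susp - orig
    return {
        "same_package": package_name(original_xml) == package_name(suspect_xml),
        "added": sorted(added),
        "removed": sorted(orig - susp),
        "sensitive_added": sorted(added & SENSITIVE),
    }


if __name__ == "__main__":
    for key, value in permission_diff(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST).items():
        print(key, value)
```

In practice the known-good manifest comes from the official market copy of the game; a large `sensitive_added` list on an APK with an identical package name is exactly the "permissions over and above the legitimate original" signal the article describes.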
Security researchers have been predicting that attackers will begin to use mobile malware to steal sensitive data stored on smartphones, or to sniff payment information, as more and more users bank and make purchases on their smartphones. While researchers have demonstrated vulnerabilities in smartphones, including the Apple iPhone, only jailbroken devices have so far been targeted, and only in limited attacks.
Some researchers believe vulnerabilities in applications could be the avenue of future attacks. A common misconception is that applications are vetted for security issues by the major app store vendors, including Google, Apple, and BlackBerry. In a recent interview, security expert Winn Schwartau of Mobile Active Defense said that is absolutely NOT the case.
Lookout said the Geinimi malware attempts to contact its C&C servers at five-minute intervals, using one of ten embedded domain names. Lookout said the malware can send the device’s location coordinates and smartphone identifiers, as well as the list of applications installed on the victim’s device.
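A fixed five-minute check-in spread across ten hostnames is a detectable pattern, but only if the analysis is done per device rather than per destination: looking at any single domain shows one contact every fifty minutes, which is easy to miss. The example below is an added illustration and not code from Lookout or the original post. It runs over a constructed proxy-style log (timestamp, client IP, destination host); the `c2-N.example` hostnames are placeholders and not Geinimi’s real domains, and the thresholds (eight events, 5% interval tolerance, 80% regularity) are assumptions to tune against real traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def _constructed_log():
    """Build sample log lines: "<ISO timestamp> <client ip> <destination host>".

    10.0.0.5 models the beacon described above: one contact roughly every
    300 seconds, rotating through ten placeholder hostnames, with a few seconds
    of jitter. 10.0.0.9 models ordinary, irregular browsing.
    """
    t0 = datetime(2010, 12, 29, 9, 0, 0)
    lines = []
    c2_hosts = ["c2-%d.example" % i for i in range(10)]  # placeholders, not real C&C
    jitter = [0, 3, -2, 4, 1, -3, 2, 0, 5, -1, 2, 1]
    for k, j in enumerate(jitter):
        ts = t0 + timedelta(seconds=300 * k + j)
        lines.append("%s 10.0.0.5 %s" % (ts.isoformat(), c2_hosts[k % len(c2_hosts)]))
    browsing = [0, 45, 50, 400, 410, 415, 1500, 2100, 2130, 2900, 3300]
    sites = ["news.example", "mail.example", "cdn.example"]
    for k, off in enumerate(browsing):
        ts = t0 + timedelta(seconds=off)
        lines.append("%s 10.0.0.9 %s" % (ts.isoformat(), sites[k % len(sites)]))
    return sorted(lines)  # ISO timestamps sort chronologically as strings


LOG_LINES = _constructed_log()


def parse(lines):
    """Group (timestamp, destination) events by client address."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst = line.split()
        by_src[src].append((datetime.fromisoformat(ts), dst))
    return by_src


def find_beacons(lines, min_events=8, tolerance=0.05, min_regularity=0.8):
    """Flag clients whose outbound contacts recur at a stable interval.

    Inter-arrival times are computed over all destinations of a client, so a
    bot that rotates through many domains still shows its period. A client is
    flagged when at least min_regularity of its intervals fall within
    tolerance of the median interval.
    """
    findings = {}
    for src, events in parse(lines).items():
        if len(events) < min_events:
            continue
        times = sorted(t for t, _ in events)
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = statistics.median(deltas)
        if period <= 0:
            continue
        regular = sum(1 for d in deltas if abs(d - period) <= tolerance * period)
        regularity = regular / len(deltas)
        if regularity >= min_regularity:
            findings[src] = {
                "period_s": period,
                "regularity": round(regularity, 2),
                "destinations": sorted({dst for _, dst in events}),
            }
    return findings


if __name__ == "__main__":
    for src, info in find_beacons(LOG_LINES).items():
        print(src, "beacons every ~%.0fs to %d hosts" % (info["period_s"], len(info["destinations"])))
```

The same logic applies to DNS query logs, which is often the only vantage point on a carrier or corporate network; the `destinations` list in the output is what an analyst would then pivot on to confirm that the hosts are the malware’s embedded domains rather than a legitimate polling client.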
Graham Cluley, a security consultant with UK-based security vendor Sophos, downplayed the threat posed by Geinimi. He said only users who deliberately change the settings on their phone to install software from “unknown sources” are at risk of infection.
So, the sky is not falling – and it’s not the end of the world as we know it if you love all things Android. But Android users should still be sensible about security.