New Data Stealing Trojan For Android Has Botnet Capabilities

Security researchers say they have discovered a new Trojan horse program that targets mobile phones running Google’s Android operating system that may be the first to attempt to create a so-called ‘botnet’ of infected mobile devices. 

The new malware, dubbed “Geinimi,” raises the bar on mobile malware, according to a post on the blog of mobile phone security firm Lookout Security. The malware, which has not been detected outside of China, is being bundled into repackaged versions of popular Android applications and pushed through unregulated, third-party application exchanges, Lookout said.

Among the legitimate applications that have been modified to carry the Geinimi Trojan are Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010, according to Lookout. Versions of those applications offered through Google’s Android marketplace are safe, Lookout claims. Only versions available through unaffiliated Chinese application exchanges have been found to be infected. 

When installed on Android systems, Geinimi is designed to run in the background and search out a wide range of sensitive data stored on the phone including the unique identifiers used by the device, the phone’s location and a list of installed applications on the device. The malware also polls a list of Web domains at regular intervals and uploads stolen data to those servers. Geinimi has the ability to receive commands from those servers, as well, though researchers say they have not yet observed that behavior.

None of the domains used by Geinimi were accessible on Thursday. 

Botnets are common in the world of Windows malware, but have yet to jump the fence to the still-nascent world of mobile malware. And, despite features that make Geinimi similar to its Windows cousins, there are crucial differences: Android users would need to approve installation of the application harboring Geinimi and its request to access a wide range of personal information. Should the malware authors wish to push other malicious code from their command and control servers to infected Android hosts, the users would need to approve both the download and installation first, Lookout said.

The new Trojan comes amidst increased warnings about the growth of mobile malware as more users embrace Internet-connected smart phones and use them for conducting Web-based transactions, game playing and other activities. Threatpost called out mobile security as one of five Trends to Watch in 2011, citing the rapid growth of mobile application ecosystems and the migration of PC-based attacks like phishing and clickjacking to mobile platforms.