Mobile security firm Lookout is sounding the alarm about a Trojan targeting Android devices that, while confined to China so far, represents one of the most sophisticated pieces of malware it's seen to date. The malware, named “Geinimi,” is the first Trojan to display botnet-like capabilities, allowing it to receive remote commands, said Lookout in its blog.
The malware is essentially grafted onto legitimate apps and games that are being distributed through third-party Chinese Android app markets. Users who allow side-loading of apps enable the exploit by confirming the installation. The Trojan operates in the background and can send location data and unique identifiers for the device and SIM card through ten embedded domain names. Lookout said that while it has identified Geinimi, it has yet to observe a remote control server send commands to the Trojan.
The Geinimi Trojan is significant, said Lookout, because it goes to some lengths to obfuscate its activities, which, while still detectable, require a higher level of scrutiny to uncover. While it has not been observed in any Android Market apps, it has been inserted in Chinese app markets into legitimate apps like Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.
The appearance of more sophisticated mobile malware is inevitable as smartphones become mobile computers. Though mobile devices are harder to target right now than PCs, they represent a growing opportunity for criminals looking to gather data from users. As we wrote in August, Kaspersky Lab said Android handsets could download malware that allowed users to sign up for texts and make calls to premium numbers. In September, security vendor Fortinet discovered a mobile version of Zeus, a piece of banking malware that was targeting Symbian and BlackBerry devices. Android has already had to deal with apps that contained malware, and Stacey had a good list of tips on how to secure an Android handset. The basic things to remember are:
- Only download apps from trusted sources.
- Check the permissions an app is asking for.
- Look for reviews and warnings about questionable apps.
- Look out for unusual behavior on the phone — e.g., SMS messages sent automatically — that could signal it’s infected.
We’ve been hearing about the looming threat to mobile phones for years now. But while that threat hasn’t quite reared its ugly head yet, it might not be long before we see more serious attacks as smartphones proliferate.