Watch out, a new Android Trojan was found in wild
A new threat for Android devices has been recently found in wild. Until now, the Android Trojan has only been downloaded from Chinese App markets, being “grafted” on to legitimate applications, mainly games.
This Trojan, also called “Geinimi” can do some great damage on your Android. For example, it can compromise a significant amount of personal data on a user’s phone and send it to remote servers. Once installed, this Android malware can receive commands from a remote server that allow the owner of that server to control your phone.
It might scare you a little but if you are cautious and pay attention, nothing will happen to your Android device.
Let’s talk a little about how it works. Well, the Geinimi Trojan runs in the backgrounds, collects different kinds of information and it will:
– Send location coordinates (fine location)
– Send device identifiers (IMEI and IMSI)
– Download and prompt the user to install an app
– Prompt the user to uninstall an app
– Enumerate and send a list of installed apps to the server
After it collects these precious information, five minutes later, it will try to connect to a remote server using one of these domain names:
– widifu . com
– udaore . com
– frijd . com
– islpast . com
– piajesj . com
So, do not go on these domain names, i’m sure you don’t want your Android device to get “sick”.
The Geinimi Trojan was reported on the Chinese app stores in games like Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. The official Google Android Market have not been affected.
What do you have to do to stay protected:
– download apps only from trusted sources and try to look at the developer name and reviews
– check the permissions an app requests
– if you notice any unusual behavior on your Android device, this could be a sign that your phone is infected. For example: “unknown applications being installed without your knowledge, SMS messages being automatically sent to unknown recipients, or phone calls automatically being placed without you initiating them.”