A new Trojan affecting the Android mobile operating system has recently been discovered. Android is an open-source operating system for mobile devices that is gaining popularity day by day and is used by many smartphone manufacturers.
The Trojan, named “Geinimi”, is spreading in China, where it is affecting Chinese third-party marketplaces. Geinimi is repackaged with legitimate software, primarily games, and when that software is installed on an Android device, Geinimi is silently installed along with it.
How does the Android Trojan work?
When the user launches the affected application, Geinimi also starts in the background and begins collecting important data such as the device IMEI number and the SIM card IMSI number. It then tries to connect to a remote server; the servers include www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If the connection succeeds, it transmits the collected data to the remote server. Here is a list of functions that Geinimi can perform:
- Send location coordinates (fine location)
- Send device identifiers (IMEI and IMSI)
- Download and prompt the user to install an app
- Prompt the user to uninstall an app
- Enumerate and send a list of installed apps to the server
How to stay safe from the Android Trojan?
As advised on the Lookout blog, here are the points to note in order to stay safe from this new Android Trojan:
- Only download applications from trusted sources, such as reputable application markets. Remember to look at the developer name, reviews, and star ratings.
- Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.
- Be aware that unusual behavior on your phone could be a sign that your phone is infected. Unusual behaviors include: unknown applications being installed without your knowledge, SMS messages being automatically sent to unknown recipients, or phone calls automatically being placed without you initiating them.
- Download a mobile security app for your phone that scans every app you download. Lookout users automatically receive protection against this Trojan.
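The permission check advised above can be automated for repackaged apps. This added example (not code from Lookout or from the original article) compares the permissions in a known-good copy of an app with those in a copy from another market. It assumes both manifests have already been decoded to text XML; the sample manifests, the package name and the permission-to-capability mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption of this example: standard Android permissions that the
# capabilities listed in the article would typically require.
CAPABILITY_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION": "send location coordinates",
    "android.permission.READ_PHONE_STATE": "read device identifiers (IMEI/IMSI)",
    "android.permission.INTERNET": "contact a remote server",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }

def added_by_repackaging(original_xml, candidate_xml):
    """Map each permission only the candidate requests to what it enables."""
    extra = requested_permissions(candidate_xml) - requested_permissions(original_xml)
    return {
        perm: CAPABILITY_PERMISSIONS.get(perm, "not on the article's list; review manually")
        for perm in sorted(extra)
    }

# Constructed sample: manifest of the app as published by its developer.
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

# Constructed sample: same package from another market, with extra requests.
CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for perm, why in added_by_repackaging(ORIGINAL, CANDIDATE).items():
        print(f"{perm}: {why}")
```

Any permission that appears only in the second copy is a reason to avoid installing it, whether or not it maps to one of the listed capabilities.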
