December 30, 2010

Trojan Virus Affecting Android Phones

Security firm Lookout is reporting that a new malicious trojan virus known as "Geinimi" has just been discovered on popular Android gaming apps.

The risk could be limited to Westerners since versions of the malware-infected gaming app have only turned up on a Chinese mobile apps website. 

"Geinimi is effectively being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets," Lookout said in a blog post on Wednesday. "The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions."

A U.S. Android user would only be exposed to this Trojan if he or she visited the Chinese site and downloaded the viral copy of the application.

"We've only seen this Trojan occur in app stores targeting Chinese users," Lookout CTO Kevin Mahaffey told USA Today.

He says it is "possible infected apps could be posted to app stores targeting U.S. users in the future."

The virus is designed to allow an attacker access to an Android phone to give them the ability to do anything they wish.

Geinimi uses sophisticated techniques to hide its tracks.  Lookout has determined that the trojan is capable of sending device identifiers and location coordinates, helping it to generate a list of all installed apps on the infected phone and to install more infected ones.

"It has the potential to receive commands from a remote server that allow the owner of that server to control the phone," Mahaffey told USA Today. "Though the intent of this Trojan isn't entirely clear, the possibilities range from setting up a malicious mobile ad network to creating an Android botnet."

The applications tainted with the Gemini virus include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. 

Mahaffey told USA Today that the original versions of those games, which are available in the official Google Android Market store, have not been affected.


On the Net: