Geinimi: a sophisticated trojan for Android

    A new trojan has been found on Chinese third-party app sites; in the English-language reporting it is called Geinimi.

    According to experts at Lookout Mobile Security, “this is the most sophisticated malware for Android among all that has come to date”, because earlier Android trojans did not use such masking techniques. In particular, Geinimi ships with an off-the-shelf bytecode obfuscator, and parts of the program are encrypted, which makes the code hard for researchers to analyze.

    At present the trojan is distributed through Chinese software catalogs as repackaged copies of the games Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. It is expected that Geinimi will soon turn up bundled with Android applications on sites outside China as well. So far no infected application has been found on the official Google Android Market, and the original versions of the games listed above on the Android Market do not contain the trojan. If it does appear there, that will be reported separately.

    Because the infected packages come from outside the Android Market, the user has to allow installation from an “unknown source” and confirm the installation before the trojan can run.

    The program runs in the background and collects personal data: the device's location, IMEI and IMSI. Every minute it then attempts to contact one of ten remote servers (www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com, www.piajesj.com, among others) and upload the collected information. Other capabilities of the trojan include installing programs on the phone and removing programs from it (both require the user to confirm the prompt), as well as enumerating all installed programs and sending that list to a remote server.

    This is also the first Android malware with botnet-style functionality: the trojan can receive commands from a remote server. However, researchers have not yet been able to observe how that command channel actually works.
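    The one-minute beaconing and the five published C2 domains in the two paragraphs above are enough to write a first detection. The script below is an added example, not code from the article or from Lookout: it parses constructed proxy/DNS log lines in a hypothetical "timestamp device host" format (an assumption; adapt the parser to your own log source), matches hosts against the domains the article names, and flags a device as beaconing when the gaps between its C2 contacts cluster around 60 seconds. The jitter tolerance and minimum hit count are assumptions, not values from the article.

```python
"""Detect Geinimi-style C2 beaconing in proxy/DNS logs.

Added example, not code from the article or from Lookout. Assumes a
simple log format "ISO-timestamp device host" (an assumption; adapt the
parser to your own log source). The domains and the 60-second beacon
interval are the ones named in the article.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# C2 domains named in the article (the trojan uses ten; only five are published).
GEINIMI_C2 = {
    "www.widifu.com", "www.udaore.com", "www.frijd.com",
    "www.islpast.com", "www.piajesj.com",
}
BEACON_INTERVAL_S = 60      # article: the trojan retries its servers every minute
TOLERANCE_S = 10            # assumption: jitter we still accept as "periodic"
MIN_HITS = 3                # assumption: need at least 3 contacts to call it periodic

# Constructed sample log lines (not real traffic): device "phone-a" beacons every
# minute, rotating between two C2 hosts; device "phone-b" makes one-off requests.
SAMPLE_LOG = """\
2010-12-29T10:00:00 phone-a www.widifu.com
2010-12-29T10:00:05 phone-b www.google.com
2010-12-29T10:01:01 phone-a www.udaore.com
2010-12-29T10:02:00 phone-a www.widifu.com
2010-12-29T10:02:30 phone-b www.frijd.com
2010-12-29T10:03:02 phone-a www.udaore.com
2010-12-29T10:04:00 phone-a www.widifu.com
"""


def parse_log(text):
    """Yield (timestamp, device, host) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].lower()


def ioc_hits(text):
    """Return {device: sorted timestamps of contacts to known C2 domains}."""
    hits = defaultdict(list)
    for ts, device, host in parse_log(text):
        if host in GEINIMI_C2:
            hits[device].append(ts)
    return {device: sorted(stamps) for device, stamps in hits.items()}


def is_periodic(timestamps, interval=BEACON_INTERVAL_S, tol=TOLERANCE_S,
                min_hits=MIN_HITS):
    """True if gaps between consecutive C2 contacts cluster around `interval`.

    The median gap is used so that a single missed beacon (no signal, phone
    asleep) does not hide the pattern. Geinimi rotates across its server list,
    so contacts to *any* C2 host are pooled per device rather than per host.
    """
    if len(timestamps) < min_hits:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    return abs(median(gaps) - interval) <= tol


def flag_devices(text):
    """Return {device: 'beaconing' | 'ioc-contact'} for every device that touched a C2 host."""
    verdicts = {}
    for device, stamps in ioc_hits(text).items():
        verdicts[device] = "beaconing" if is_periodic(stamps) else "ioc-contact"
    return verdicts


if __name__ == "__main__":
    for device, verdict in sorted(flag_devices(SAMPLE_LOG).items()):
        print(f"{device}: {verdict}")
```

    A single contact with one of the listed domains is already worth an alert (the `ioc-contact` verdict); the periodicity check only adds confidence and helps when the domain list is incomplete, since the same cadence test can be run against any host a device contacts, not only the five published ones.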
