'Geinimi' trojan infecting Chinese Android devices

A new Android trojan is currently running amok in China and could threaten the rest of the Android ecosystem if it is not contained. The 'Geinimi' trojan steals personal user information from the host device. It disguises itself as a legitimate application, such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010, with the malicious code added.

Lookout Mobile Security, via TGDaily.com, is reporting that "Geinimi’s author(s) have raised the sophistication bar significantly over and above previously observed Android malware by employing techniques to obfuscate its activities. In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted".

Currently the trojan has not infected any application on the marketplace; it is found only in repackaged applications. When an infected application is run on the host device, the trojan runs in the background, gathers personal information from the device and sends it back to a host server at five-minute intervals.
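
The fixed five-minute check-in described above leaves a timing pattern that a defender can look for in connection logs. The following is an added example, not code from the article or from Lookout: it flags any device-to-destination pair whose connections arrive on a fixed timer (a generalization beyond the five-minute case), and the log format, host names and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample ("timestamp device destination"); not real telemetry.
SAMPLE_LOG = """\
2011-01-03T10:00:02 phone-a c2.example.test:8080
2011-01-03T10:00:40 phone-b news.example.test:80
2011-01-03T10:00:41 phone-b news.example.test:80
2011-01-03T10:03:15 phone-b news.example.test:80
2011-01-03T10:05:03 phone-a c2.example.test:8080
2011-01-03T10:10:01 phone-a c2.example.test:8080
2011-01-03T10:11:50 phone-b news.example.test:80
2011-01-03T10:12:02 phone-b news.example.test:80
2011-01-03T10:15:04 phone-a c2.example.test:8080
2011-01-03T10:20:02 phone-a c2.example.test:8080
2011-01-03T10:24:30 phone-b news.example.test:80
2011-01-03T10:25:03 phone-a c2.example.test:8080
"""

def parse(log):
    """Group connection times by (device, destination)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        flows[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
    return flows

def find_beacons(log, min_events=5, max_jitter=0.1):
    """Return {(device, dest): median_gap_seconds} for near-periodic flows:
    at least min_events connections, and median absolute deviation of the
    gaps within max_jitter (a fraction) of the median gap."""
    hits = {}
    for key, times in parse(log).items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = statistics.median(gaps)
        mad = statistics.median(abs(g - period) for g in gaps)
        if period > 0 and mad / period <= max_jitter:
            hits[key] = period
    return hits

if __name__ == "__main__":
    for (device, dest), period in find_beacons(SAMPLE_LOG).items():
        print(f"{device} -> {dest}: check-in every ~{period:.0f}s")
```

Median-based statistics keep a single delayed or missed check-in from hiding an otherwise regular timer, while ordinary bursty browsing traffic fails the jitter test.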

While this is far from a doomsday trojan, it is the second "virus" to afflict Android users. If these events keep happening, it could put a negative PR spin on the Android platform itself and may hurt its overall reputation, something Apple recently exploited against Microsoft in advertising campaigns.


51 Comments


Honestly I feel bad for people affected by this, but at the same time, in this day and age you deserve it. Learn a good lesson the hard way. You can't even install these kinds of apps without allowing installation from unknown sources, and if you made that change manually then you should know better than to willy nilly install stuff like this and the risks you were taking. If you don't know enough about your phone, take a class. Actually, the wireless carriers should probably be offering this kind of thing, they could even make some money, if they're going to sell people "smart" phones like this.

techbeck said,
Price some pay for having a more open system and being able to do more.

iOS has been hit with phishing as well.

This isn't phishing.

And when was iOS "hit by phishing"?

Julius Caro said,
By default android does not allow installing apps outside the market right?

You have to select the option of "Allow install of non market applications" which is disabled by default

OMG a trojan hiding in applications whose names sound super innocent, that only affects apps not acquired on the market? YOU WOULDN'T SAY!!

Julius Caro said,
OMG a trojan hiding in applications whose names sound super innocent, that only affects apps not acquired on the market? YOU WOULDN'T SAY!!

Hehe. But neowin staffers do love their sensationalist pro-MS anti-everythingelse articles so..

Flawed said,
Hehe. But neowin staffers do love their sensationalist pro-MS anti-everythingelse articles so..

So where did my anti-Android/Linux comment go, or the original comment that I made my reply to, which was satirically anti-Linux?

thommcg said,
Couldn't similar happen with jailbroken iOS, WP7, etc Apps? Seems only unofficial installs may be affected.

Any device could potentially be affected by this if sideloaded. WP7 or iOS. But if users have the know-how to sideload, they should also know to check the application feature request during install, where they can forbid the installation (at least on android anyway).

Flawed said,

Any device could potentially be affected by this if sideloaded. WP7 or iOS. But if users have the know-how to sideload, they should also know to check the application feature request during install, where they can forbid the installation (at least on android anyway).

Flawed - Are you a Google Android employee?

thenonhacker said,
Flawed - Are you a Google Android employee?

I'm shocked by the amount of trolls in this thread, most of them failures I might add. What Flawed said is 100% true. Anybody with a jailbroken/rooted phone of any kind (Android, iOS or Windows) can be affected by this type of problem.

Jebadiah said,
You think techies are geniuses?

No but at least we are here and we know what is going on, my sister and my Mom have no idea, they have a phone and they go and download apps, the wrong app and they could be in trouble with me trying to sort it out for them, as usual. As long as it does not end up like the virus and malware infected PC world I suppose it will be okay.

derekaw said,
How will our non tech friends cope with all of this? I see problems ahead.

If they are not technical, how and why are they going to sideload an app? Most users use the marketplace, and thus will never be affected by such things. The openness of the platform permits much more freedom. And with freedom comes responsibility. For instance, checking the functionality requests as the app installs.

derekaw said,
How will our non tech friends cope with all of this? I see problems ahead.

I agree, in terms of media, marketing, and PR grabbing ahold of this and spinning, twisting, and slanting things to spread FUD, and confusion among non tech participants. As an Apple fan, I eagerly look forward to this and will be sitting back and enjoying the show.

Flawed said,

If they are not technical, how and why are they going to sideload an app? Most users use the marketplace, and thus will never be affected by such things. The openness of the platform permits much more freedom. And with freedom comes responsibility. For instance, checking the functionality requests as the app installs.

As soon as these viruses are in the app store masquerading

Flawed said,

If they are not technical, how and why are they going to sideload an app? Most users use the marketplace, and thus will never be affected by such things. The openness of the platform permits much more freedom. And with freedom comes responsibility. For instance, checking the functionality requests as the app installs.

As soon as the virus is in the app store disguised as something else or wrapped in something else then all hell can break loose in their handbags. Those people who were sold a cheap iPhone type phone (Android) are in for a big surprise.

Melfster said,
Just put an antivirus solution on Android, problem solved.

I can't believe we've come to the point when we have to install antivirus in our phones, what's next firewalls?

mjedi7 said,

I can't believe we've come to the point when we have to install antivirus in our phones, what's next firewalls?


Already available.

mjedi7 said,

I can't believe we've come to the point when we have to install antivirus in our phones, what's next firewalls?


You don't. Just don't sideload unless it's from a reputable site. Remember, most people only get apps from the repository (Android Marketplace) just like GNU/Linux. This article is just sensationalist fodder for the MS and pro WP7 crowd. Those who use reputable repositories, and check the functionality an app requests as it installs will be fine.

Flawed said,

You don't. Just don't sideload unless it's from a reputable site. Remember, most people only get apps from the repository (Android Marketplace) just like GNU/Linux. This article is just sensationalist fodder for the MS and pro WP7 crowd. Those who use reputable repositories, and check the functionality an app requests as it installs will be fine.

Oh please give me a break. I own an Android, and I am glad there are articles like this. Now I'm thinking of really getting that iPhone.

thenonhacker said,

Oh please give me a break. I own an Android, and I am glad there are articles like this. Now I'm thinking of really getting that iPhone.

Well good bye then.. you won't be missed!

and serves yourself right if you got infected downloading outside of the Market.

kazgor said,

Well good bye then.. you won't be missed!
and serves yourself right if you got infected downloading outside of the Market.

Idiot. Nowhere did he say he was leaving, so why the "good bye" ? Also, nowhere did he say he was infected or that he installed apps outside of the market.

Serious Troll failure.

TCLN Ryster said,

Idiot. Nowhere did he say he was leaving, so why the "good bye" ? Also, nowhere did he say he was infected or that he installed apps outside of the market.

Serious Troll failure.

Ja ja, it's funny cuz it's true (and thenonhacker he really should get an iphone)

I think a key element is missing. First off, last I checked....Lookout was pretty much spyware itself. Even if what I've read is incorrect, and Lookout is actually legit (I stopped using it due to their privacy setting requirements), there is no mention in the article as to whether "Lookout Mobile Security" is capable of removing/cleaning this virus if you get it. Am I the only one who finds this little bit of info, or lack thereof important?

"and is only infecting repackaged applications"

Just don't install 3rd party apps. And if you have to, find some up-to-date virus protection and scan the file.

Jmaxku said,
"and is only infecting repackaged applications"

Just don't install 3rd party apps. And if you have to, find some up-to-date virus protection and scan the file.

lol anti-virus scanner your phone! oh how far we have come!!!!

I think it happened once to iOS too. The 'Rick-rolling' worm affected jailbroken iPhones who didn't change the default password of SSH.

mjedi7 said,
affected jailbroken iPhones who didn't change the default password of SSH.

So it only affected phones who, by the very nature of jailbreaking, were already compromised.

"legitimate application such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010 "

Yes because all those sound legit. LOL

ahhell said,
"legitimate application such as Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010 "

Yes because all those sound legit. LOL

Um, they are all legit...

bankajac said,
Not good! Why has this not happened to iOS?

Because iOS isn't open like Android is. Apple reviews all applications before it is submitted into their market.

ceminess said,

Because iOS isn't open like Android is. Apple reviews all applications before it is submitted into their market.

Try reading the article. This has nothing to do with an Android marketplace app, it's a third party one.

bankajac said,
Not good! Why has this not happened to iOS?

Android is open and the source is readily available, iOS is all hush hush. Having the source code makes it much easier in general.

Edit: I withdraw this statement due to it being more relevant to actually finding holes in the OS than the actual article XD

Hollow.Droid said,

Try reading the article. This has nothing to do with an Android marketplace app, it's a third party one.

ceminess was still right. Apple reviews all of their applications, regardless of whether this was the Android marketplace or some app you download from a website. The point is, with Apple you can't download apps off the internet, and what apps you can download from the store are reviewed first.

bankajac said,
Not good! Why has this not happened to iOS?

This "has" happened to iOS. Just the same way it happened to Android, it also happened through 3rd party application installers and affected only jailbroken iPhones.

warwagon said,

ceminess was still right. Apple reviews all of their applications, regardless of whether this was the Android marketplace or some app you download from a website. The point is, with Apple you can't download apps off the internet, and what apps you can download from the store are reviewed first.

Except for the fact that millions of iphone users jailbreak their phones and then run apps downloaded from anywhere.