The most sophisticated Trojan
for Android smartphones yet. That's how security firm Lookout describes "Geinimi," a nasty piece of malicious software it has just discovered
grafted on to downloads of some popular Android gaming apps.
The risk to Westerners is presumably limited, since versions of the tainted gaming app have only turned up on a Chinese mobile apps website. An Android user in the US, for instance, would only be exposed to this Trojan if he or she visited the Chinese site and downloaded the viral copy of the gaming apps in question.
"We've only seen this Trojan occur in app stores targeting Chinese users," says Lookout CTO Kevin Mahaffey. He says it's "possible infected apps could be posted to app stores targeting U.S. users in the future."
The tainted games found in the Chinese app stores include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. Mahaffey says the original versions of those games -- available in the official Google Android Market store -- have not been affected.
Geimini shares much in common with drive-by download
infections spread on popular websites across the Internet. These Trojans are designed to infect the PC web browser of any and all visitors to the tainted websites. Once Geimini downloads to your Android phone, the attacker essentially has a mechanism in place to do anything he wants.
So far Lookout's analysis of Geinimi has determined that it is capable of sending device identifiers and location coordinates, generating a list of all installed apps on the infected phone and installing other viral apps. Geinimi also uses sophisticated techniques to hide its tracks.
"It has the potential to receive commands from a remote server that allow the owner of that server to control the phone," says Mahaffey. "Though the intent of this Trojan isn't entirely clear, the possibilities range from setting up a malicious mobile ad network to creating an Android botnet."
Lookout supplies free antivirus for mobile devices that blocks Geinimi and other mobile device malware.