Fire-up Your AV -- Android Virus' on the Loose

UrbanBounca

The most sophisticated Trojan for Android smartphones yet. That's how security firm Lookout describes "Geinimi," a nasty piece of malicious software it has just discovered grafted on to downloads of some popular Android gaming apps.

The risk to Westerners is presumably limited, since versions of the tainted gaming app have only turned up on a Chinese mobile apps website. An Android user in the US, for instance, would only be exposed to this Trojan if he or she visited the Chinese site and downloaded the viral copy of the gaming apps in question.

"We've only seen this Trojan occur in app stores targeting Chinese users," says Lookout CTO Kevin Mahaffey. He says it's "possible infected apps could be posted to app stores targeting U.S. users in the future."
The tainted games found in the Chinese app stores include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. Mahaffey says the original versions of those games -- available in the official Google Android Market store -- have not been affected.

Geimini shares much in common with drive-by download infections spread on popular websites across the Internet. These Trojans are designed to infect the PC web browser of any and all visitors to the tainted websites. Once Geimini downloads to your Android phone, the attacker essentially has a mechanism in place to do anything he wants.

So far Lookout's analysis of Geinimi has determined that it is capable of sending device identifiers and location coordinates, generating a list of all installed apps on the infected phone and installing other viral apps. Geinimi also uses sophisticated techniques to hide its tracks.

"It has the potential to receive commands from a remote server that allow the owner of that server to control the phone," says Mahaffey. "Though the intent of this Trojan isn't entirely clear, the possibilities range from setting up a malicious mobile ad network to creating an Android botnet."

Lookout supplies free antivirus for mobile devices that blocks Geinimi and other mobile device malware.
Nasty Android Trojan found grafted to gaming apps - USATODAY.com
 
if you're visiting a chinese website, downloading an apk and installing it on your phone, you deserve a trojan.

linux is not immune to viruses, but you would almost have to want to be infected in order to get one on your phone.

sorry, i will not be running to install Lookout because of this haha
 
I believe the bigger picture that people need to see is that Android is not virus free, and we need to quit claiming that it is.

If it can make its way onto a Chinese app, why couldn't it make its way to an English app?
 
If people are claiming it's virus free they're wrong...anything that connects to the internet can get a virus.

the point is the way that linux/android is set up you'd have to explicitly give the virus permission to execute on your system, install it yourself and let it do its work.

linux doesn't allow auto execution of files, nor can someone be infected unless they're running as root.

so again, if you visit a chinese website, download this app, grant permissions to this apk to install itself on your phone, then you deserve the trojan
 
Very nicely explained. But this would be the first virus I've seen. I still wouldn't load antivirus on my D2; it's a resource hog.
 
They have had a couple of linux viruses back in the day, which were patched immediately. First android virus I've seen yes, but still an AV is unneeded as I'm sure it would do more harm (resource hogging) than good...
 
I believe the bigger picture that people need to see is that Android is not virus free, and we need to quit claiming that it is.

If it can make its way onto a Chinese app, why couldn't it make its way to an English app?

Who is claiming that Android is virus free?
You can write a virus for any OS if you have the time although some are harder to write for than others.

Also if you're getting your apps from Chinese sites and such, not the ones available in the market, you are at a higher risk of getting a virus.
Use common sense. Check the privileges that apps want to have access to and don't download something you're unfamiliar with or from an unfamiliar website.

Sent from my Droid using DroidForums App
 
Go figure… but yes, no OS is virus free. Don't get why people want to write malicious code.
 
I had a problem when I installed AOL mail on my phone for my husband, before I finally convinced him to go Google! Something in one of his emails caused a malfunction on my Droid, nothing that a factory reset didn't solve. No more AOL!

Sent from my Droid using DroidForums App
 
sorry, i will not be running to install Lookout because of this haha

I wouldn't have anyways with their fear mongering earlier this year with that wallpaper app, but seeing a press release where they can't even spell the name of the virus consistently just makes me not trust them at all. Though, maybe it's not them doing so, most of the other reports I saw called it Gemini.
 
It's not even a virus by definition... Virii are self-replicating and infect executable code, and spread to other executables... Which I believe would require superuser access to perform.
This is a Trojan, which piggybacks on seemingly safe code, and does something you don't want it to do...
It's been said before earlier, pay attention to the permissions of the app, and if it didn't make sense, don't install it... Especially if you're rooted.

My Droid Does Tapatalk...
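
The permission check several posters recommend, as an added example that is not part of the original thread: it compares the permissions requested by a sideloaded copy of an app against the Market copy of the same app. It assumes input in the style of `aapt dump permissions`; the package name, the permission lists and the mapping to the behaviours Lookout described are all constructed for illustration.

```python
import re

# Constructed sample input in the style of `aapt dump permissions <apk>`;
# the package name and both permission lists are made up for illustration.
MARKET_COPY = """\
package: com.example.game
uses-permission: android.permission.INTERNET
uses-permission: android.permission.VIBRATE
"""
SIDELOADED_COPY = """\
package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.SEND_SMS'
"""

# Assumed mapping (not from Lookout) between permissions and the behaviours
# described in the article quoted in the first post.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "device identifiers",
    "android.permission.ACCESS_FINE_LOCATION": "location coordinates",
    "android.permission.ACCESS_COARSE_LOCATION": "location coordinates",
    "android.permission.INSTALL_PACKAGES": "installing other apps",
}

# Accepts both the bare and the name='...' output styles.
LINE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)'?\s*$")

def parse_permissions(dump):
    """Return the set of permission names found in a permissions dump."""
    perms = set()
    for line in dump.splitlines():
        m = LINE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def added_permissions(reference_dump, candidate_dump):
    """Map each permission the candidate requests beyond the reference copy
    to the behaviour it would enable (None when not listed in SENSITIVE)."""
    extra = parse_permissions(candidate_dump) - parse_permissions(reference_dump)
    return {p: SENSITIVE.get(p) for p in sorted(extra)}

if __name__ == "__main__":
    for perm, why in added_permissions(MARKET_COPY, SIDELOADED_COPY).items():
        print(f"{perm}: {why or 'not requested by the reference copy'}")
```

Any permission reported here is one the repackaged copy asks for and the original does not, which is the "didn't make sense" case the posts above describe.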
 