Fire-up Your AV -- Android Virus' on the Loose

UrbanBounca

Rescue Squad
Staff member
Premium Member
Rescue Squad
Joined
Sep 25, 2010
Messages
2,749
Reaction score
207
Location
Virginia
The most sophisticated Trojan for Android smartphones yet. That's how security firm Lookout describes "Geinimi," a nasty piece of malicious software it has just discovered grafted on to downloads of some popular Android gaming apps.

The risk to Westerners is presumably limited, since versions of the tainted gaming app have only turned up on a Chinese mobile apps website. An Android user in the US, for instance, would only be exposed to this Trojan if he or she visited the Chinese site and downloaded the viral copy of the gaming apps in question.

"We've only seen this Trojan occur in app stores targeting Chinese users," says Lookout CTO Kevin Mahaffey. He says it's "possible infected apps could be posted to app stores targeting U.S. users in the future."
The tainted games found in the Chinese app stores include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. Mahaffey says the original versions of those games -- available in the official Google Android Market store -- have not been affected.

Geimini shares much in common with drive-by download infections spread on popular websites across the Internet. These Trojans are designed to infect the PC web browser of any and all visitors to the tainted websites. Once Geimini downloads to your Android phone, the attacker essentially has a mechanism in place to do anything he wants.

So far Lookout's analysis of Geinimi has determined that it is capable of sending device identifiers and location coordinates, generating a list of all installed apps on the infected phone and installing other viral apps. Geinimi also uses sophisticated techniques to hide its tracks.

"It has the potential to receive commands from a remote server that allow the owner of that server to control the phone," says Mahaffey. "Though the intent of this Trojan isn't entirely clear, the possibilities range from setting up a malicious mobile ad network to creating an Android botnet."

Lookout supplies free antivirus for mobile devices that blocks Geinimi and other mobile device malware.
Nasty Android Trojan found grafted to gaming apps - USATODAY.com
 

Backnblack

Premium Member
Premium Member
Joined
Nov 18, 2009
Messages
11,105
Reaction score
27
Current Phone Model
iPhone 7+ 256gb
Fear mongering

Yup, Thats all it is...

If you pay attention to where you get your apps from, You'll be fine....

Common Sense people.....
 

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
if you're visiting a chinese website, downloading an apk and installing it on your phone, you deserve a trojan.

linux is not immune to viruses, but you would almost have to want to be infected in order to get one on your phone.

sorry, i will not be running to install Lookout because of this haha
 
OP
UrbanBounca

UrbanBounca

Rescue Squad
Staff member
Premium Member
Rescue Squad
Joined
Sep 25, 2010
Messages
2,749
Reaction score
207
Location
Virginia
I believe the bigger picture that people need to see is that Android is not virus free, and we need to quit claiming that it is.

If it can make it's way onto a Chinese app, why couldn't it make it's way to an English app?
 

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
If people are claiming it's virus free they're wrong...anything that connects to the internet can get a virus.

the point is the way that linux/android is set up you'd have to explicitly give the virus permission to execute on your system, install it yourself and let it do its work.

linux doesn't allow auto execution of files, nor can someone be infected unless they're running as root.

so again, if you visit a chinese website, download this app, grant permissions to this apk to install itself on your phone, then you deserve the trojan
 

hookbill

Premium Member
Premium Member
Joined
Nov 30, 2009
Messages
19,372
Reaction score
9
Location
N.E. Ohio
If people are claiming it's virus free they're wrong...anything that connects to the internet can get a virus.

the point is the way that linux/android is set up you'd have to explicitly give the virus permission to execute on your system, install it yourself and let it do its work.

linux doesn't allow auto execution of files, nor can someone be infected unless they're running as root.

so again, if you visit a chinese website, download this app, grant permissions to this apk to install itself on your phone, then you deserve the trojan

Very nicely explained. But this would be the first virus I've seen. I still wouldn't load antivirus on my D2 it's a resource hog.
 

czerdrill

Silver Member
Joined
Jan 2, 2010
Messages
4,825
Reaction score
12
They have had a couple of linux viruses back in the day, which were patched immediately. First android virus I've seen yes, but still an AV is unneeded as I'm sure it would do more harm (resource hogging) then good...
 

warrior21

Active Member
Joined
Mar 15, 2010
Messages
1,287
Reaction score
0
Location
NY
Hmmm I guess I will have to stay away from Chinese websites from now on:huh:
 

Quicksilver7714

Super Moderator
Premium Member
Rescue Squad
Joined
Jul 2, 2010
Messages
2,439
Reaction score
63
I believe the bigger picture that people need to see is that Android is not virus free, and we need to quit claiming that it is.

If it can make it's way onto a Chinese app, why couldn't it make it's way to an English app?

Who is claiming that Android is virus free?
You can write a virus for any OS if you have the time although some are harder to write for than others.

Also if your getting your apps from chinese sites and such, not the ones available in the market you are at a higher risk of getting a virus.
Use common sense. Check the privileges that apps want to have access to and don't download something your unfamiliar with or from an unfamiliar website.

Sent from my Droid using DroidForums App
 

bazar6

Premium Member
Premium Member
Theme Developer
Joined
Dec 15, 2009
Messages
681
Reaction score
14
Location
MD
Website
www.imbazar.me
Go figure…*but yes, no OS is virus free. Don't get why people want to write malicious code.
 

ypsichick

Member
Joined
May 19, 2010
Messages
110
Reaction score
0
Location
Western KY and W. Los Angeles 3 miles from the bea
I had a problem when I installed aol mail on my phone for my husband, before I finally convinced him to go google! Something in one of his. Emails caused a malfunction my Droid nothing that a factory reset didn't solve. No more aol!

Sent from my Droid using DroidForums App
 

harrellj

Active Member
Joined
Jul 25, 2010
Messages
1,058
Reaction score
2
sorry, i will not be running to install Lookout because of this haha

I wouldn't have anyways with their fear mongering earlier this year with that wallpaper app, but seeing a press release where they can't even spell the name of the virus consistently just makes me not trust them at all. Though, maybe its not them doing so, most of the other reports I saw called it Gemini.
 

Taegost

Member
Joined
May 16, 2010
Messages
687
Reaction score
1
Location
Tampa Bay, Fl
It's not even a virus by definition... Virii are self-replicating and infect executable code, and spread to other executables... Which I believe would require superuser access to perform.
This is a Trojan, which piggybacks on seemingly safe code, and does something you don't want it to do...
It's been said before earlier, pay attention to the permissions of the app, and if it didn't make sense, don't instal it... Especially if you're rooted.

My Droid Does Tapatalk...
 
Top