back to article Chinese bot will slurp your Droid

A Trojan capable of stealing data from infected Android smartphones, and bundled with botnet-style functionality, has appeared in China. The mobile malware, dubbed Geinimi, which usually poses as gaming applications, has been uploaded onto third-party Chinese Android app markets. If installed, the malware sends personal data …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Megaphone

    SMS android mailware

    I'm sorry you're article is misleading. A so called battery saving app was and may still be on the google Market. Please don't mislead people into thinking they are safe if the stick with the Market.

    I had this app on my phone briefly it was advertised though google ads in angry birds and sent me to google Market download. The app used SMS to charge £4.50 a week. I contracted my provider the same day and had themblockthe transaction.

    Unless you know the Market is safe....DON'T SAY IT IS!

    The advice you should be giving is to check the android security message regarding what services the app will use when you install it. For example a battery saving app that has access to sms. If the access doesn't make sense don't install it.

    1. Tigra 07
      Thumb Up

      RE: AC

      I got voted down last time i asked people to actually read what permissions something wanted.

      It should really be common sense!

  2. Anonymous Coward
    Anonymous Coward

    Some background info

    The trojan's name is Geinimi or GeiNiMi (gay-nee-mee, 给你米), translated as "to give you rice" ("mi" could also mean metre). I see it in written contexts that may mean "to gain for you". Traditionally, Chinese idioms are four characters. I'm not a native Chinese speaker, but one source says this is a relatively new, modern idiom for "I give you my rice" (a quintessential Chinese staple), as in pushing or forcing it on them, implying the person doesn't rate or can't afford even rice, that they are a worthless member of society and pitiful.

    This made CNET news in China on 2010-12-03 (http://www.cnetnews.com.cn/2010/1203/1956595.shtml) after it was publicized by NetQin (网秦, http://www.netqin.com), a mobile device security company in China who seems to be the first to identify it on 2010-11-26 (http://virus.netqin.com/android/BIT.GeiNiMi.A/). Their relation, if any, to Lookout Mobile Security who publicized the existence of the trojan in English-speaking markets, is unclear. I'm glad people in other parts of the world are being made aware. Rogue mobile apps, insecure apps, and trojans are a threat to virtually everyone.

    This seems related to reports of backdoors in games for the Andoid platform as far back as 2010-10-27 (http://bbs.gfan.com/android-280850-1-1.html).

    On one page of the Gfan site (http://bbs.gfan.com/android-283253-1-1.html), a user claimed that this is a trojan (or "implant") developed by an unscrupulous firm related to spamming and located in the Caohejing Development Zone, Shanghai. That user pointed a link a link to the website at geinimi.com, and there is an IIS webserver there, but it looks like all content has been deleted.

  3. Fizzl
    Stop

    They are always quick to scare us..

    As long as the android stance of all aps are equal holds true there is very little an anti virus can do to protect its self let alone the users data. Some common sense about what you programs you allow on your device and what rights they are asking for is the best defence.

  4. Anonymous Coward
    WTF?

    so it steals phone identifiers and location information ...

    Judging from the permission requests, most of the apps in the google app store already collect and send out this information. At least from the app reviews in the store, most users are hardly ever concerned with these permissions. Even when they are, they seem to serenely accept very improbable explanations from developers for why they need a certain privilege. There isn't much privacy on Android (or iphone for that matter), the only new angle here is the botnet capability.

This topic is closed for new posts.

Other stories you might like