The open source nature of the Android operating system lets users choose from many apps, some of which may not operate as the Android developers intended. The big advantage of the Android Marketplace is that it dictates very little, if anything, about what application functionality can and cannot be offered. The downside of that equation is the potential for malicious software, viruses or other nasty code.
A highly advanced new Trojan virus has recently been infecting Android devices and stealing users' private information, according to mobile security company Lookout. The virus, named “Geinimi,” comes by way of Chinese app stores and attaches itself to otherwise legitimate applications.
The virus collects private details about the phone, such as location, and then attempts to send the information to remote servers when users run the applications. The scariest part of this virus is that it also has the ability to receive commands, which could potentially allow unknown parties to control the phone. Specific details are outlined by Lookout below:
The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.
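The beaconing behaviour Lookout describes can be hunted for in DNS or proxy logs. The following is an added example, not code from Lookout or from the original article: it flags clients that look up the five domains named above and checks whether their lookups recur at roughly five-minute intervals. The log format, the jitter tolerance and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# The five domains named in the article (a subset of the ten embedded ones).
GEINIMI_DOMAINS = {"www.widifu.com", "www.udaore.com", "www.frijd.com",
                   "www.islpast.com", "www.piajesj.com"}
BEACON_SECONDS = 300  # "five-minute intervals", per the article
TOLERANCE = 30        # assumed jitter allowance in seconds

# Constructed sample log, assumed format: "ISO-timestamp client-ip queried-name"
SAMPLE_LOG = """\
2011-01-03T10:00:02 10.0.0.21 www.widifu.com
2011-01-03T10:01:15 10.0.0.34 www.example.org
2011-01-03T10:05:01 10.0.0.21 www.udaore.com.
2011-01-03T10:07:40 10.0.0.34 WWW.FRIJD.COM
2011-01-03T10:10:03 10.0.0.21 www.frijd.com
2011-01-03T10:15:02 10.0.0.21 www.widifu.com
malformed line
"""

def parse(line):
    """Return (timestamp, client, normalized name), or None for a bad line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    return ts, parts[1], parts[2].rstrip(".").lower()

def find_beacons(log_text):
    """Map each client that queried a listed domain to hit count and periodicity."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[2] in GEINIMI_DOMAINS:
            hits[rec[1]].append(rec[0])  # group per client across all domains
    report = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = len(gaps) >= 2 and abs(median(gaps) - BEACON_SECONDS) <= TOLERANCE
        report[client] = {"hits": len(times), "periodic": periodic}
    return report

if __name__ == "__main__":
    for client, info in find_beacons(SAMPLE_LOG).items():
        print(client, info)
```

A single lookup is still worth triaging; the periodicity flag only separates a sustained check-in pattern from a one-off query.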
At this time the Trojan virus has only been detected in China on third-party app stores, and no infections have been found in the Google Android Marketplace. Lookout also states that the exact intent of the virus is unknown, but speculates it could be used for malicious mobile advertising or to create an Android botnet, which could potentially take over large networks and wreak havoc.
Geinimi is “the most sophisticated Android malware we’ve seen to date,” said Kevin Mahaffey, co-founder of Lookout. The simple fact that hackers now have the ability to attach a virus to a legitimate application is scary in itself. It remains to be seen how the mobile community, both manufacturers and developers, will proceed in limiting the potential destruction of these Trojan viruses. This is not an Android problem; it is a mobile platform problem. It just so happens that the Android OS was the first to be infiltrated. Best advice: protect your mobile device as you would protect your computer.
What do you think the future of mobile malware and virus infiltration holds?