Geinimi Android Trojan horse discovered
Posted by vijai on Sunday, January 2, 2011 Under: Security
There has been something of a sting in the tail of the year for lovers of the Android mobile operating system, as researchers uncovered a new Trojan horse.
The Troj/Geinimi-A malware (also known as "Gemini") has been seen incorporated into repackaged versions of various applications and games, and attempts to steal data, and may contact remote URLs.
Although some media reports have portrayed Geinimi as the first ever malware for the Google Android operating system, this isn't correct. For instance, in the past we've seen banking malware has been found in the Android Market, security researchers have demonstrated spyware rootkits for Android devices, and users have been warned about Trojans from Russia which send SMS text messages to premium-rate numbers.
In the case of the Geinimi malware, the good news is that it appears not to have made it into the official Android market app store - meaning that you would only have been putting yourself at risk if you installed poisoned software from an unauthorised source. Researchers at mobile security firm Lookout say they have only seen the software on unofficial Chinese app stores.
And you have to deliberately change the settings on your Android smartphone to make it possible to install software from such "unknown sources".
So, the sky is not falling - and it's not the end of the the world as we know it if you love all things Android. But Android users should still be sensible about security.
Android is a much more "open" operating system than the Apple iOS used on iPhones and iPads, and Android users don't have to jump through as many hoops to install applications that have not been made "officially" available.
And, it shouldn't be forgotten that not all attacks are OS-specific. Phishing attacks, for instance, don't care what operating system you're running - they just rely on you not taking enough care about the link you are clicking on (something that's pretty easy to do when you have a small screensize to view a - perhaps - long url).
And increasingly we are seeing examples of threats which only exist "within the browser" or spreading entirely inside a social network, never touching your smartphone's operating system.
So there are dangers out there whatever kind of browsing device you are using. Desktop or laptop, mobile or tablet.
Sophos products can detect samples of the Geinimi Trojan we have seen to date as Troj/Geinimi-A.
The Troj/Geinimi-A malware (also known as "Gemini") has been seen incorporated into repackaged versions of various applications and games, and attempts to steal data, and may contact remote URLs.
Although some media reports have portrayed Geinimi as the first ever malware for the Google Android operating system, this isn't correct. For instance, in the past we've seen banking malware has been found in the Android Market, security researchers have demonstrated spyware rootkits for Android devices, and users have been warned about Trojans from Russia which send SMS text messages to premium-rate numbers.
In the case of the Geinimi malware, the good news is that it appears not to have made it into the official Android market app store - meaning that you would only have been putting yourself at risk if you installed poisoned software from an unauthorised source. Researchers at mobile security firm Lookout say they have only seen the software on unofficial Chinese app stores.
And you have to deliberately change the settings on your Android smartphone to make it possible to install software from such "unknown sources".
So, the sky is not falling - and it's not the end of the the world as we know it if you love all things Android. But Android users should still be sensible about security.
Android is a much more "open" operating system than the Apple iOS used on iPhones and iPads, and Android users don't have to jump through as many hoops to install applications that have not been made "officially" available.
And, it shouldn't be forgotten that not all attacks are OS-specific. Phishing attacks, for instance, don't care what operating system you're running - they just rely on you not taking enough care about the link you are clicking on (something that's pretty easy to do when you have a small screensize to view a - perhaps - long url).
And increasingly we are seeing examples of threats which only exist "within the browser" or spreading entirely inside a social network, never touching your smartphone's operating system.
So there are dangers out there whatever kind of browsing device you are using. Desktop or laptop, mobile or tablet.
Sophos products can detect samples of the Geinimi Trojan we have seen to date as Troj/Geinimi-A.
In : Security
Tags: android geinimi google malware mobile