Thursday, February 24, 2011

Geinimi - The Android Trojan

Android systems have been attacked before, but the Geinimi Trojan seems to take things to another level. Once it’s installed in the form of a game or app from a third-party app store, it starts sending out user information such as the IMEI or IMSI number. Thankfully, the Lookout security app has listed out quite a few things for us.

The Trojan shows botnet-like capabilities: remote servers can access user information and, in simple terms, control the affected user’s phone. Geinimi connects to a remote server using one of ten embedded domain names. A subset of these includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com.


Don't let this affect your precious Android handset

Some really sensitive information is given out once Geinimi strikes. Here is what it can do:
Send location coordinates (fine location)
Send device identifiers (IMEI and IMSI)
Download and prompt the user to install an app
Prompt the user to uninstall an app
Enumerate and send a list of installed apps to the server

The remote servers can only prompt users to install or uninstall apps; the user still has to confirm the installation or uninstallation.

If you’re using the Lookout security app (free or premium), rest assured, your phone is protected. Otherwise, avoid downloading apps from Chinese app stores. Here is a basic list of dos and don’ts:
Only download applications from trusted sources, such as reputable application markets. Remember to look at the developer name, reviews, and star ratings.

Always check the permissions an app requests. Use common sense to ensure that the permissions an app requests match the features the app provides.

Be aware that unusual behavior on your phone could be a sign that your phone is infected. Unusual behaviors include: unknown applications being installed without your knowledge, SMS messages being automatically sent to unknown recipients, or phone calls automatically being placed without you initiating them.

Download a mobile security app for your phone that scans every app you download. Lookout users automatically receive protection against this Trojan.
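
The permission check from the list above can be automated. The following is an added example, not code from Lookout or the original post: it reads an AndroidManifest.xml that has already been decoded to plain XML and reports permissions that the app's category does not justify. The permission-to-behaviour mapping, the category baseline and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that gate behaviours named in the post.
# This mapping is the example's assumption, not taken from the post.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "can send fine location coordinates",
    "android.permission.READ_PHONE_STATE": "can read device identifiers (IMEI/IMSI)",
    "android.permission.SEND_SMS": "can send SMS without user action",
    "android.permission.CALL_PHONE": "can place calls without user action",
}

# Hypothetical baseline: permissions a reviewer accepts for each app category.
EXPECTED = {
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
    "navigation": {"android.permission.INTERNET",
                   "android.permission.ACCESS_FINE_LOCATION"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries with no android:name

def audit(manifest_xml, category):
    """Return sorted (permission, reason) pairs the category does not justify."""
    # An unknown category has an empty baseline, so everything is reported.
    extra = requested_permissions(manifest_xml) - EXPECTED.get(category, set())
    return sorted((p, SENSITIVE.get(p, "not in baseline for this category"))
                  for p in extra)

# Constructed sample: a "game" that asks for far more than a game needs.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for perm, reason in audit(SAMPLE, "game"):
        print(f"{perm}: {reason}")
```
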

- courtesy Google Android Developers Group