
Android Trojan Found, Spreading From Chinese App Stores

Posted by timothy
from the step-one-install-skype dept.
wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices. "The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."


  • by Anonymous Coward on Thursday December 30, 2010 @04:04PM (#34713952)

    ANDROID OS allows for the usage of custom HOSTS files, & that's how you stop this botnet from communicating "back to mama" (its C&C botnet servers):

    DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm )

    ---

    1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it

    2.) Mount your system mountpoint as READ + WRITE (as powerful of privileges as you need is this)

    3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if it's there already) using PULL & overwrite the etc folder's copy of HOSTS

    ---

    DONE! Yes, it's THAT simple... &, it works!

    APK

    P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. this threat!

    (However - I don't think the article noted them, & articles of THAT "nature" are poor imo, not detailed enough - it's nice to say "hey, there's a botnet out there" but to not list its servers too? WTF! Thankfully though, the HOSTS file sources I use to populate my custom HOSTS file update every hour on some of them, & around once a day on most, & once a month for the "worst of them"!)

    Other /. articles have helped ME this way before (which is WHY I am sort of "disappointed" in the source article here, per my last paragraph in reply just above now):

    2 examples thereof in the past I have used, & noted it there, are/were:

    http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398
    http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500

    apk
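    The procedure in the post above, written out as a script. This is an added example, not the commenter's own code: it merges one or more MVPS-style block lists into a clean HOSTS file (loopback entry first, comments and CRLFs stripped, names lower-cased and de-duplicated) and then installs it over /system/etc/hosts with adb. The C&C names in the comments are constructed placeholders, since the article lists none, and the copy direction is `adb push` (PC to device).

```shell
#!/bin/sh
# Added example (not from the Slashdot post): build a normalized Android HOSTS
# file from block lists and install it with adb on a rooted device.
# Any C&C names you feed in are your own; the ones mentioned here are
# CONSTRUCTED placeholders (e.g. cnc.example.invalid), not real indicators.

# merge_hosts FILE... : read hosts-format files ("0.0.0.0 name" or
# "127.0.0.1 name", '#' comments, several names per line, CRLF tolerated)
# and emit one de-duplicated hosts file. Android needs the localhost
# entry, so it is always emitted first and never duplicated.
merge_hosts() {
    {
        printf '127.0.0.1 localhost\n'
        cat "$@" | sed 's/#.*//' | tr -d '\r' \
          | awk '$1 == "0.0.0.0" || $1 == "127.0.0.1" {
                    for (i = 2; i <= NF; i++)
                        if (tolower($i) != "localhost")
                            print "127.0.0.1 " tolower($i) }'
    } | awk '!seen[$0]++'
}

# install_hosts FILE : steps 2 and 3 of the post. /etc is a symlink to
# /system/etc on Android, so the target is /system/etc/hosts. The remount
# needs root on the device; adb push copies from the PC to the phone.
install_hosts() {
    adb shell 'mount -o remount,rw /system' && \
    adb push "$1" /system/etc/hosts && \
    adb shell 'head -n 5 /system/etc/hosts'   # eyeball the result
}

# Usage: merge_hosts mvps-hosts.txt my-cnc-list.txt > hosts && install_hosts hosts
```

    Check afterwards that a blocked name actually resolves to 127.0.0.1 on the device (`adb shell ping -c 1 <name>`); the file is only consulted by apps that use the system resolver.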

  • by 0123456 (636235) on Thursday December 30, 2010 @04:26PM (#34714206)

    And neither can Windows, yet it is always blamed for someone installing malware on their systems.

    What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?

    Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.

  • by icebike (68054) on Thursday December 30, 2010 @04:30PM (#34714242)

    ANDROID OS allows for the usage of custom HOSTS files,

    None of that is necessary. Why even post this crap?

    Simply load your apps from the Android market instead of dodgy Chinese warez sites.

  • by 99BottlesOfBeerInMyF (813746) on Thursday December 30, 2010 @04:39PM (#34714322)

    Whenever anything bad happens on the Android platform related to malware, trojans, etc., this distinction is heavily downplayed.

    Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem? Linux protects much better than Windows against remote attacks, but it can't protect against stupid users.

    Sure it can, at least a lot more than it does now. It can sandbox all apps by default, automatically check a malware blacklist and elevate permissions for trojans to ones that are useful to malware only when explicitly told to do so by the user, i.e. he goes in and checks the (allow to send mass e-mails) checkbox for that app.

    There is a lot that can be done to more tightly secure Linux distros; applying SELinux-style permissions universally is a good start. The difference is, for normal home use users don't need these improvements yet because the risks are still so small. Linux does a great job of adapting and improving security as it becomes needed because the developers are the users as well, so they are very motivated.

  • by bl8n8r (649187) on Thursday December 30, 2010 @05:44PM (#34715022)
    FTFA under "How it works":
    * Download and prompt the user to install an app
    * Prompt the user to uninstall an app

    Question: If you were asked to punch yourself in the genitals, would you still click "Ok" ?

    FTFA under "How to stay safe":
    * Only download applications from trusted sources
    * Always check the permissions an app requests

    I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed. The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d. Big surprise.
