
Android Trojan Found, Spreading From Chinese App Stores

Posted by timothy
from the step-one-install-skype dept.
wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices. "The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."
This discussion has been archived. No new comments can be posted.

  • First post (Score:5, Funny)

    by GameboyRMH (1153867) <gameboyrmh@@@gmail...com> on Thursday December 30, 2010 @03:54PM (#34713864) Journal

    Posting from my Androi^B^B BUY HERBAL VIAGRA

  • ...no link?

    • by frinkster (149158)

      Thank you for the link... The blog post says that the Trojan can "control" the phone but nowhere does it say that "control" means anything other than prompting the user to install or delete other applications.

  • by Anonymous Coward

    Proper code signing (and not letting unsigned code run) is important.

  • by Anonymous Coward on Thursday December 30, 2010 @04:00PM (#34713924)

    An hour later and you're hungry for privacy again.

  • Not "malware" (Score:5, Informative)

    by Anonymous Coward on Thursday December 30, 2010 @04:06PM (#34713966)

    Lookout Mobile appears to be in the process of trying to redefine "malware" to mean "software that sends more data about a phone to a remote server than Lookout think it should". This is not the standard definition of malware that we all know and love.

    This Android "trojan" is not like regular viruses from the PC world in many ways. It cannot resist uninstallation. It cannot infect other applications. It cannot lie about what it will do - the permission screen states quite clearly what the apps in question have access to. It cannot steal your passwords or bank details.

    There are legitimate questions to ask about apps that send phone IDs surreptitiously to some remote people, but calling these apps "trojans" or "malware" is dangerous, it makes people think they need a virus scanner for their phone when in reality they don't. That's exactly what "Lookout" want of course but it's no reason to believe them.

    • by owlstead (636356)

      If the software tries to send information without explicit consent from the user in one way or another, it's malware. Some of that information may be implicit (e.g. pointing out updates, retrieving news for a news application, sharing high-scores for games). Sending out personal information while the application is not meant for that information to be sent is clearly malicious. If a program is designed to send information maliciously, isn't it malware (== malicious software) by definition?

      • Re: (Score:3, Informative)

        by Riceballsan (816702)
        I believe the point is, it does have to get explicit permission when it is installed, the android prompts you when installing it asking Do you want to give this application access to Storage, Contact list, GPS coordinates, Internet access etc etc...
        It is like a robber that has to knock on your door and ask you to give him your wallet, keys and laptop.
        • by owlstead (636356)

          It does so while giving you false information. Believe me, those kinds of robbers are as common as the ones that are breaking down your door, and can actually do way more damage. Or are you claiming that everybody that knocks on your door (or better, some unsuspecting elderly person) is to be trusted?

    • This *is* malware. From TFA:

      "Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone."

      From wikipedia:

      "A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access to the user's computer system."

      This is a textbook example of real malware.

  • I could almost put money on this causing a big problem in the mobile community. Originating from a Chinese mobile app store is one thing from some very tailored application is one thing, but if it's repackaged apps out in the wild for popular (a la pirated, full-version) apps, then it's most definitely going to cripple Android-equipped phone users. Let's be honest, if you can get the app for free, who wouldn't install it? Especially half-wit phone users who have enough technical savvy to go look elsewhere f

    • by owlstead (636356)

      Mweh, I haven't had much need to go outside the Google Market to be honest. If I did, it was for some demo code or specialized geeky application which I don't think they will ever target. I don't think most people will visit such sites or share apps with friends (I get loads of tips on apps, but they are by name only, and I look them up / check them out in the Google Market myself). I cannot see anybody visiting Chinese app stores unless they are linked up with them by a Chinese provider.

    • This "well crafted" and "sophisticated" thing is attached to pirated games? Who's to say the game companies themselves didn't build and plant these to discourage pirated game use?
  • by RevWaldo (1186281) on Thursday December 30, 2010 @04:13PM (#34714040)
    EWWWW!! It was in the back of the machine shop? And it was covered in WD40? EWWWWW!!1!

    .
  • http://blog.mylookout.com/2010/12/geinimi_trojan/ [mylookout.com] -- From the myLookout Blog who made the discovery
  • Even if fanbois from various camps jump with joy/sorrow with the news, I still think that the open model that Android brought to the mobile world will be much more beneficial for everyone (end users, developers, companies, etc.) in the long run, all things considered. People saying that the Apple model is better than Android's are not realizing this.
    • Speaking of "fanbois" I don't believe anybody really claimed anything about Apple's phones yet. We won't let that ruin your day, though, so go ahead and troll on sister.

    • I still think that the open model that Android brought to the mobile world will be much more beneficial for everyone...

      Beneficial in what sense? Not trying to be a troll, just curious. Personally, I think there should be both open/closed systems, it spurs innovation. But perhaps you have another take.

  • So is anti-virus/anti-malware worth installing on an Android phone? Because, yeah, I don't like installing apps that ask for permissions, but it seems like almost every app asks for "Full Internet Access," at least. I can't always tell the good ones from the bad. Would a free anti-malware app help or is it just a waste of time?
    • by Kenja (541830)
      If you're installing apps from a suspicious third party store operating out of China odds are that anti-virus software won't do you any good.
    • by RevWaldo (1186281)
      It's the ad-supported free versions of apps that ask for Full Internet Access. Or you can crowbar a dollar out of your wallet and get the "standalone" version.

      .
  • by Suzuran (163234)

    Where's The Fucking Article?

    What The Fuck,Aye?

  • by bl8n8r (649187) on Thursday December 30, 2010 @05:44PM (#34715022)
    FTFA under "How it works":
    * Download and prompt the user to install an app
    * Prompt the user to uninstall an app

    Question: If you were asked to punch yourself in the genitals, would you still click "Ok" ?

    FTFA under "How to stay safe":
    * Only download applications from trusted sources
    * Always check the permissions an app requests

    I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed.  The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d.  Big surprise.
  • I am not downloading ANY apps from China. You have to be an idiot to grab them.
  • I can feel the FUD storm building...

  • Awhile back I was looking at cheap Android devices for something that would play movies for long trips. There are many cheap (sub-$200) Android tablets out there that (probably for licensing reasons) do not have access to the Android marketplace. The literature says "you can download thousands of apps from other sources".

    I'm thinking the great majority of the devices pwned by this virus will be of this cheap variety.

    • AFAIK, Google does not approve of Android use on tablets, and tries to limit "official" access to the Android marketplace to smartphones. Of course, even if a vendor cannot link directly to the Android marketplace, there is often an app available which does give such access. For example, most of the Archos tablets can use the Android marketplace if you sideload the gApps4Archos.apk application (google for it). The app was tested and approved by various reputable review sites http://www.engadget.com/2010/10/ [engadget.com]
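
The "always check the permissions an app requests" advice quoted in the thread, applied to the repackaging case from the summary: an added example, not part of the original discussion or of Lookout's write-up, that diffs the manifest of a known-good app against a copy from another source. Both manifests are constructed samples already decoded to text (an APK stores the manifest as binary XML), and the package and component names are hypothetical; they do not reproduce Geinimi's actual permission set.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="com.example.game">')

def perm(name):
    return '<uses-permission android:name="android.permission.%s"/>' % name

# Constructed sample: manifest of the app as published by its developer.
ORIGINAL = HEAD + perm("INTERNET") + perm("VIBRATE") + (
    '<application><activity android:name="com.example.game.Main"/>'
    '</application></manifest>')

# Constructed sample: same package name, obtained from a third-party market.
REPACKAGED = HEAD + "".join(perm(p) for p in (
    "INTERNET", "VIBRATE", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION",
    "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED")) + (
    '<application><activity android:name="com.example.game.Main"/>'
    '<service android:name="com.example.game.extra.SyncService"/>'
    '<receiver android:name="com.example.game.extra.BootReceiver"/>'
    '</application></manifest>')

def requested_permissions(manifest_xml):
    """Set of permission names the manifest asks the user to grant."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def declared_components(manifest_xml):
    """Set of (tag, class name) for every app component in the manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("activity", "service", "receiver", "provider")
    return {(el.tag, el.get(NS + "name")) for t in tags for el in root.iter(t)}

def diff_repackaged(original_xml, candidate_xml):
    """Report what the candidate requests or declares beyond the original."""
    return {
        "added_permissions": sorted(requested_permissions(candidate_xml)
                                    - requested_permissions(original_xml)),
        "added_components": sorted(declared_components(candidate_xml)
                                   - declared_components(original_xml)),
    }

if __name__ == "__main__":
    for kind, items in diff_repackaged(ORIGINAL, REPACKAGED).items():
        print(kind, items)
```

Extra permissions or background components in a copy that claims to be the same app are a reason to reject it; an empty diff proves nothing by itself, since code can be grafted without changing the manifest.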
