Geinimi Trojan – First Reported Botnet To Steal Data from Android Mobiles
The mobile security vendor Lookout has recently discovered a new Trojan targeting Android mobile phones. Codenamed “Geinimi”, this Trojan has the capability to act as a botnet: it can be controlled by a remote server and can send sensitive user data remotely on receiving instructions from its central command server.
The Geinimi Trojan is being termed “the most sophisticated Android malware” so far, but its impact is currently limited as the infected apps are available only on Chinese Android app markets, Lookout said in its warning. That is not to say it could not be packaged for other geographic regions, only that this has not been done yet.
How the Geinimi Trojan Operates as a Botnet
When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.
Stay safe and think twice before allowing any third-party applications onto your Android mobile phone, or any other device for that matter.