Nasty Android Trojan found grafted to gaming appications

The most sophisticated Trojan for Android smartphones yet. That's how security firm Lookout describes "Geinimi," a nasty piece of malicious software it has just discovered grafted on to downloads of some popular Android gaming Applications.

The risk to Westerners is presumably limited, since versions of the tainted gaming applications have only turned up on a Chinese mobile apps website. An Android user in the US, for instance, would only be exposed to this Trojan if he or she visited the Chinese site and downloaded the viral copy of the gaming applications in question.

"We've only seen this Trojan occur in applications stores targeting Chinese users," says Lookout CTO Kevin Mahaffey. He says it's "possible infected applications could be posted to applications stores targeting U.S. users in the future."


The tainted games found in the Chinese app stores include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. Mahaffey says the original versions of those games -- available in the official Google Android Market store -- have not been affected.


Geimini shares much in common with drive-by download infections spread on popular websites across the Internet. These Trojans are designed to infect the PC web browser of any and all visitors to the tainted websites. Once Geimini downloads to your Android phone, the attacker essentially has a mechanism in place to do anything he wants.

So far Lookout's analysis of Geinimi has determined that it is capable of sending device identifiers and location coordinates, generating a list of all installed apps on the infected phone and installing other viral apps. Geinimi also uses sophisticated techniques to hide its tracks.

"It has the potential to receive commands from a remote server that allow the owner of that server to control the phone," says Mahaffey. "Though the intent of this Trojan isn't entirely clear, the possibilities range from setting up a malicious mobile ad network to creating an Android botnet."

Lookout supplies free antivirus for mobile devices that blocks Geinimi and other mobile device malware.

Sonyericsson X10 Mini Successor Runs Gingebread on 1GHz CPU

The official word is that Sony Ericsson will unveil the new Xperia series smartphones on February 13. Chinese Sony Ericsson Fans Forum IT368 member leaked images of a compact Xperia smartphone running Android 2.3 Gingerbread. 

This phone is said to be an Xperia X10 Mini & Mini Pro successor with 3-inch display and the hardware buttons in reverse order.The leaked unnamed Sony Ericsson Xperia phone has about 3-inch 320x480 screen. This device was running Google's recently announced Android 2.3 Gingerbread update. Under the hood this phone is said to have 1GHz Scorpion Core based Qualcomm Snapdragon QSD8255 chipset along with an Adreno 205 GPU. The Quadrant score (1533) of this device showed that it outperformed even the Nexus One running Android 2.2 Froyo update and left Galaxy S far behind. 

This might be the third Xperia series phone along with X12 ANZU and the recently spotted mysterious Xperia device to be unveiled at MWC 2011.

Sony Ericsson's Xperia X10 Mini and Mini Pro are good Android devices, but they are found lacking when it comes to the latest update. Both phones come with stock Android 1.6 update, while the Android 2.1 Eclair update for them was released just last month.

Honeycomb Will be Than Likely Be Android 2.4 And Not 3.0 After All

About 2 weeks ago, Taylor from Android And Me posted a rumor targeting the previous assumption regarding the version number of the next Android iteration, codenamed Honeycomb. Specifically, for no reason whatsoever, everyone assumed Honeycomb would be released as Android 3.0. However, citing a trustworthy source, Taylor had some information pointing at a different, more incremental number – 2.4.

Because the rumor was unconfirmed, we decided to hold off until we could get more information. Today, after seeing this post at pocketnow, I decided to check our own visitor statistics and found nothing but evidence indeed pointing at Honeycomb 2.4 and not 3.0.

Specifically, in the last 30 days, we have had 15 visits with Android 2.4. On another hand, we had 0 visits with Android 3.0. Sure, the OS version can be faked, but I find it pretty unlikely that there are suddenly multiple sightings of 2.4, completely independently from each other and all around the same time (see below) and, at the same time, no sightings of 3.0 whatsoever.

Considering that Honeycomb is supposed to merely bring tablet related UI (user interface) and UX (user experience) improvements to Android, it is quite understandable why Google went with 2.4, rather than 3.0. If the timing is right somehow, I would expect them saving 3.0 for something like Google I/O, which will be happening on May 10-11th in 2011.

Android Honeycomb Music Player: Full Guide [Early Leak]

SO, there’s an Unofficial / Leaked version of the new Honeycomb music player from Android floating around out there, right? Well, we had quite a time getting this little APK to work once we got it, and we bet we weren’t the only ones. Therefor, we’ve whipped up for you this little guide and points post so that you might get the sweet updated music action working on your Android device with as little or no hassle as possible. Check it out – and REMEMBER before doing anything, backup your system. Always always always.
First, and foremost, you’ll most likely need a rooted explorer to be able to do step one. Step one is to locate and either delete or otherwise remove your existing Music Player app. This will more than likely be called GoogleMusic.apk and will be located under system
 
There’s another file in that download by the name of JumperTest, which will not open for you. More about that file down below.

Two steps, that’s it! But wait, what if it doesn’t work? Try stopping what you’re doing, clearing your cache, and trying again.

Now as far as the source for this APK goes, the furthest back we can track it is, of course, XDA, to a user by the name of johnnie93, who posted the following video and gave a big happy face emoticon saying “I will not disclose my sources.”

An Android Trojan is spreading in China

A SOPHISTICATED TROJAN that infects the Android operating system has been spotted in China by Western insecurity experts.

Dubbed "Geinimi", the Trojan can steal a lot of the personal data on a user's phone and pack it off to remote servers.

Lookout Mobile Security claims that it is the most sophisticated Android malware it had seen and it is the first Android malware that displays botnet-like capabilities.

"Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone," the outfit claims in its blog. The Trojan gathers identifying and location information from an infected smartphone and tries to contact one of ten remote servers every five minutes to transmit the collected data.

Currently Geinimi is being distributed by being "grafted" onto repackaged versions of legitimate software, mostly games, which are then made available in Chinese apps stores.

If a game is infected it often asks for more permissions than you would normally expect. Apparently users just keep clicking "yes" until they are infected.

The Trojan's main function is not clear. It might be a malicious ad-network's attempt to create an Android botnet, which would be a real pain if you have a data cap on your phone.