An Android Trojan is spreading in China


A SOPHISTICATED TROJAN that infects the Android operating system has been spotted in China by Western insecurity experts.

Dubbed "Geinimi", the Trojan can steal a lot of the personal data on a user's phone and pack it off to remote servers.

Lookout Mobile Security claims that it is the most sophisticated Android malware it has seen and the first Android malware that displays botnet-like capabilities.

"Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone," the outfit claims in its blog. The Trojan gathers identifying and location information from an infected smartphone and tries to contact one of ten remote servers every five minutes to transmit the collected data.

Currently Geinimi is being distributed by being "grafted" onto repackaged versions of legitimate software, mostly games, which are then made available in Chinese app stores.

If a game is infected it often asks for more permissions than you would normally expect. Apparently users just keep clicking "yes" until they are infected.
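One way to check for the extra permissions described above is to diff the manifest of a store copy against the publisher's original. The sketch below is an added example, not Lookout's tooling; it assumes both manifests have already been decoded to text XML, uses constructed sample manifests and a hypothetical `SENSITIVE` watchlist, and goes beyond the article by also listing newly declared services and receivers.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
# Hypothetical watchlist: permissions covering identity, location and messaging data.
SENSITIVE = {"android.permission.READ_PHONE_STATE", "android.permission.ACCESS_FINE_LOCATION",
             "android.permission.READ_CONTACTS", "android.permission.SEND_SMS"}

def _manifest(pkg, perms, services=()):
    """Build a constructed, decoded-text AndroidManifest.xml for the demo."""
    p = "".join(f'<uses-permission android:name="android.permission.{x}"/>' for x in perms)
    s = "".join(f'<service android:name="{x}"/>' for x in services)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{pkg}">{p}<application>{s}</application></manifest>')

# Constructed samples: the publisher's build and a store copy with grafted additions.
ORIGINAL = _manifest("com.example.game", ["INTERNET", "VIBRATE"])
REPACKAGED = _manifest("com.example.game",
                       ["INTERNET", "VIBRATE", "READ_PHONE_STATE",
                        "ACCESS_FINE_LOCATION", "READ_CONTACTS"],
                       ["com.example.added.SyncService"])

def declared(root, tag):
    """Return the android:name values of every <tag> element in a manifest."""
    return {el.get(NAME) for el in root.iter(tag) if el.get(NAME)}

def manifest_delta(original_xml, candidate_xml):
    """Report what the candidate manifest declares that the original does not."""
    orig, cand = ET.fromstring(original_xml), ET.fromstring(candidate_xml)
    if orig.get("package") != cand.get("package"):
        raise ValueError("manifests describe different packages")
    added = declared(cand, "uses-permission") - declared(orig, "uses-permission")
    components = set()
    for tag in ("service", "receiver"):
        components |= declared(cand, tag) - declared(orig, tag)
    return {"added_permissions": sorted(added),
            "sensitive": sorted(added & SENSITIVE),
            "added_components": sorted(components),
            "suspicious": bool(added & SENSITIVE)}

if __name__ == "__main__":
    for key, value in manifest_delta(ORIGINAL, REPACKAGED).items():
        print(f"{key}: {value}")
```
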

The Trojan's main function is not clear. It might be a malicious ad-network's attempt to create an Android botnet, which would be a real pain if you have a data cap on your phone.
