Lookout’s blog has announced that a new Trojan affecting Android handsets has been found. It appears to have started out by being placed inside what looked like legitimate Android apps in China, but the permissions requested were far outside of what those apps would have needed. The information was then sent to a remote server, from which the phone could be controlled.
Fortunately, those who have Lookout’s free service are protected against this, and Lookout is also providing a fix for those who don’t yet have it.
The website goes into more depth on the Trojan, stating:
Though we have seen Geinimi communicate with a live server and transmit device data, we have yet to observe a fully operational control server sending commands back to the Trojan. Our analysis of Geinimi’s code is ongoing but we have evidence of the following capabilities:
- Send location coordinates (fine location)
- Send device identifiers (IMEI and IMSI)
- Download and prompt the user to install an app
- Prompt the user to uninstall an app
- Enumerate and send a list of installed apps to the server
While Geinimi can remotely initiate an app to be downloaded or un-installed on a phone, a user still needs to confirm the installation or un-installation.
Just a friendly reminder that when downloading non-market apps, you always run this risk, so be sure you know what you’re getting yourself into, and check those permissions!