December 21, 2014

Security Alert! Geinimi, a new Android Trojan, has been found

Lookout’s blog has announced that a new Trojan affecting Android handsets has been found. It seems to have started out in China, placed inside what looked like legitimate Android apps whose requested permissions went far beyond what the apps would have needed. Information from the phone was then sent to a remote server, from which the phone could be controlled.

Fortunately, those who have Lookout’s free service are protected against this, and Lookout is also providing a fix for those who don’t yet have it.

The website goes into more depth on the Trojan, stating:

Though we have seen Geinimi communicate with a live server and transmit device data, we have yet to observe a fully operational control server sending commands back to the Trojan. Our analysis of Geinimi’s code is ongoing but we have evidence of the following capabilities:

  • Send location coordinates (fine location)
  • Send device identifiers (IMEI and IMSI)
  • Download and prompt the user to install an app
  • Prompt the user to uninstall an app
  • Enumerate and send a list of installed apps to the server

While Geinimi can remotely initiate an app to be downloaded or un-installed on a phone, a user still needs to confirm the installation or un-installation.

Just a friendly reminder that when downloading non-market apps, you always run this risk, so be sure you know what you’re getting yourself into, and check those permissions!
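
One way to act on the advice to check permissions, as an added example that is not from Lookout or the original post: it compares the permissions in a decoded AndroidManifest.xml against those of the known-good app and flags the standard Android permissions that gate the location and IMEI/IMSI data listed above. The sample manifest, package name and baseline are constructed, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permissions that gate data named in the capability list above.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "fine location coordinates",
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI and IMSI)",
}

# Constructed sample: decoded manifest of a hypothetical repackaged game.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

# Hypothetical baseline: what the original, unmodified game is known to request.
BASELINE = {"android.permission.INTERNET", "android.permission.VIBRATE"}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml, baseline):
    """Split permissions beyond the baseline into sensitive and other extras."""
    extra = requested_permissions(manifest_xml) - set(baseline)
    flagged = {p: SENSITIVE[p] for p in extra if p in SENSITIVE}
    return {"sensitive": flagged, "other_extra": sorted(extra - set(flagged))}


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, BASELINE)
    for perm, why in sorted(report["sensitive"].items()):
        print(f"REVIEW  {perm}: grants access to {why}")
    for perm in report["other_extra"]:
        print(f"EXTRA   {perm}: not requested by the baseline app")
```
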



  • http://Androidguys Keefers

    I also read that phones that have "Lookout" are safe from the trojan. Any truth to that?

    • Paul Weston

      Yes, according to Lookout themselves, if you have Lookout installed, you are safe!

  • http://cassidyjames.com Cassidy James

    Third-party Chinese app stores. So… not a problem for the Google-approved Android devices. Right?

    • Paul Weston

      Apps from the Google Market should be safe, but always be sure to check the permissions when downloading any app!

  • http://www.sourcebits.com/android Android Development

    One good thing is that even after Geinimi downloads an add-on package, it will prompt you to authorize the installation. That can help a lot of people stop the installation.