Chinese bot will slurp your Droid
Evil 'game' can also zombenate victims
A Trojan capable of stealing data from infected Android smartphones, and bundled with botnet-style functionality, has appeared in China.
The mobile malware, dubbed Geinimi, which usually poses as gaming applications, has been uploaded onto third-party Chinese Android app markets. If installed, the malware sends personal data from compromised devices (specifically device identifiers, location information and list of installed applications) to a remote server.
Geinimi is also capable of receiving commands from remote servers controlled by hackers. This botnet-style functionality, together with the use of code obfuscation techniques, leads mobile security firm Lookout to describe the malware as the most sophisticated to appear on Android devices to date. The botnet control functionality has yet to be exercised, so the precise purpose of the malware remains unclear.
The very small number of Android infecting malware strains detected to date have included a Trojan capable of sending SMS messages to premium-rate numbers from compromised devices. The Trojan, which affected an unknown number of users, appeared on Russian-language sites offering pornographic video clips.
Both the Russian and Chinese Android Trojans relied on exploiting user searches for warez. Each of the Android malware strains was regionally targeted, and posed no risk to users who only downloaded apps from recognised sources.
Lookout, a mobile malware specialist that recently secured $19.5m in additional funding, sells anti-virus software for Android devices, hence its understandable interest in drawing attention to the Chinese malware. Alternative Android anti-virus apps exist, including commercial packages from the likes of Symantec and Kaspersky as well as DroidSecurity's ad-supported antivirus app for Android handsets. ®
Some background info
The trojan's name is Geinimi or GeiNiMi (gay-nee-mee, 给你米), translated as "to give you rice" ("mi" could also mean metre). I see it in written contexts that may mean "to gain for you". Traditionally, Chinese idioms are four characters. I'm not a native Chinese speaker, but one source says this is a relatively new, modern idiom for "I give you my rice" (a quintessential Chinese staple), as in pushing or forcing it on them, implying the person doesn't rate or can't afford even rice, that they are a worthless member of society and pitiful.
This made CNET news in China on 2010-12-03 (http://www.cnetnews.com.cn/2010/1203/1956595.shtml) after it was publicized by NetQin (网秦, http://www.netqin.com), a mobile device security company in China who seems to be the first to identify it on 2010-11-26 (http://virus.netqin.com/android/BIT.GeiNiMi.A/). Their relation, if any, to Lookout Mobile Security who publicized the existence of the trojan in English-speaking markets, is unclear. I'm glad people in other parts of the world are being made aware. Rogue mobile apps, insecure apps, and trojans are a threat to virtually everyone.
This seems related to reports of backdoors in games for the Android platform as far back as 2010-10-27 (http://bbs.gfan.com/android-280850-1-1.html).
On one page of the Gfan site (http://bbs.gfan.com/android-283253-1-1.html), a user claimed that this is a trojan (or "implant") developed by an unscrupulous firm related to spamming and located in the Caohejing Development Zone, Shanghai. That user pointed to a link to the website at geinimi.com, and there is an IIS webserver there, but it looks like all content has been deleted.
I got voted down last time I asked people to actually read what permissions something wanted.
It should really be common sense!
so it steals phone identifiers and location information ...
Judging from the permission requests, most of the apps in the Google app store already collect and send out this information. At least from the app reviews in the store, most users are hardly ever concerned with these permissions. Even when they are, they seem to serenely accept very improbable explanations from developers for why they need a certain privilege. There isn't much privacy on Android (or iPhone for that matter); the only new angle here is the botnet capability.
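The article says the trojan sends device identifiers, location and the installed-app list to a remote server, and the comment above argues that reading an app's permission requests is the practical check. As an added example (not code from the article, Lookout, NetQin or any commenter), the script below parses an AndroidManifest.xml for the permission set that data theft needs; the permission names are the real android.permission.* constants, while both manifests are constructed samples.

```python
# Added example: flag a manifest whose permissions enable the reported
# data theft. Permission names are real android.permission.* constants;
# both manifests below are constructed samples, not Geinimi's real one.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities named in the article, mapped to the permissions that grant them.
# Listing installed apps needed no permission on Android of this era, so a
# manifest review cannot flag it; only the other three show up here.
CAPABILITIES = {
    "device identifiers": {"android.permission.READ_PHONE_STATE"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "network egress": {"android.permission.INTERNET"},
}


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")
            if e.get(ANDROID_NS + "name")}


def exfiltration_capabilities(manifest_xml):
    """Which of the capabilities above this manifest's permissions enable."""
    perms = requested_permissions(manifest_xml)
    return [name for name, grants in CAPABILITIES.items() if perms & grants]


def has_full_exfiltration_set(manifest_xml):
    """True when one app can read identifiers, fix location and reach the net.
    Each alone is ordinary; all three in a game is what the described theft
    requires and is the combination worth questioning before installing."""
    return len(exfiltration_capabilities(manifest_xml)) == len(CAPABILITIES)


# Constructed sample: a "game" requesting the full set.
SUSPECT_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""

# Constructed sample: a game that only talks to the network (e.g. for ads).
PLAIN_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
```

The check deliberately keys on the combination rather than any single permission, which is the point the commenter makes: INTERNET or location alone is unremarkable, all three in a game is not.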