Android Trojan Found, Spreading From Chinese App Stores

wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices. "The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."

Re:A lot like Windows after all

[0123456]

And neither can Windows, yet it is always blamed for someone installing malware on their systems

What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?

Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (Apparmor, SELinux, etc), not users downloading trojans.

Re:Easy to stop, & how to do so... apk

[icebike]

ANDROID OS allows for the usage of custom HOSTS files,

None of that is necessary. Why even post this crap?

Simply load your apps from the Android market instead of dodgy Chinese warz sites.

Punch Yourself in The Genitals ?:

[bl8n8r]

FTFA under "How it works":
* Download and prompt the user to install an app
* Prompt the user to uninstall an app

Question: If you were asked to punch yourself in the genitals, would you still click "Ok" ?

FTFA under "How to stay safe":
* Only download applications from trusted sources
* Always check the permissions an app requests

I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed.  The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d.  Big surprise.