Slashdot Mirror


Android Trojan Found, Spreading From Chinese App Stores

wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices. "The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."

30 of 277 comments

  1. First post by GameboyRMH · Score: 5, Funny

    Posting from my Androi^B^B BUY HERBAL VIAGRA

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  2. I guess RTFA went out the window entirely... by AltairDusk · Score: 5, Informative
  3. Re:But it's Linux by tacarat · Score: 2

    If it's not Linus, then we might assume it's Rerun or Lucy.

    --
    "Common sense will be the death of us all"
  4. And that's why children, by Anonymous Coward · Score: 2, Interesting

    proper code signing (and not letting unsigned code run) is important.

  5. The problem with buying from Chinese app stores by Anonymous Coward · Score: 3, Funny

    An hour later and you're hungry for privacy again.

  6. Re:App names? by 1000101 · Score: 2

    So beware of downloading things from Chinese websites? That's news?

    Um, what if you are Chinese?

  7. Not "malware" by Anonymous Coward · Score: 5, Informative

    Lookout Mobile appears to be in the process of trying to redefine "malware" to mean "software that sends more data about a phone to a remote server than Lookout think it should". This is not the standard definition of malware that we all know and love.

    This Android "trojan" is not like regular viruses from the PC world in many ways. It cannot resist uninstallation. It cannot infect other applications. It cannot lie about what it will do - the permission screen states quite clearly what the apps in question have access to. It cannot steal your passwords or bank details.

    There are legitimate questions to ask about apps that send phone IDs surreptitiously to some remote people, but calling these apps "trojans" or "malware" is dangerous, it makes people think they need a virus scanner for their phone when in reality they don't. That's exactly what "Lookout" want of course but it's no reason to believe them.

    1. Re:Not "malware" by Riceballsan · Score: 3, Informative

      I believe the point is, it does have to get explicit permission when it is installed, the android prompts you when installing it asking Do you want to give this application access to Storage, Contact list, GPS coordinates, Internet access etc etc...
      It is like a robber that has to knock on your door and ask you to give him your wallet, keys and laptop.

  8. Re:App names? by swanzilla · Score: 2
    From TFA (linked above)

    There are a number of applications—typically games—we have seen repackaged with the Geinimi Trojan and posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

  9. Re:Easy to stop, & how to do so... apk by mark72005 · Score: 2

    Certainly, the average doofus who bought "one of those smartphones" will be able to follow all those directions.

  10. "Android Trojan Found"? by RevWaldo · Score: 4, Funny

    EWWWW!! It was in the back of the machine shop? And it was covered in WD40? EWWWWW!!1!

    .

    1. Re:"Android Trojan Found"? by localman57 · Score: 4, Funny

      Really? I just saw a very distressed electric sheep running out the back door...

    2. Re:"Android Trojan Found"? by DoomHamster · Score: 2

      Really? I just saw a very distressed electric sheep running out the back door...

      Ewe......

  11. Re:A lot like Windows after all by MrHanky · Score: 3, Informative

    Yeah, except this is not a virus and Android doesn't seem to be very susceptible to viruses.

  12. Re:Stuxnet Redux by ColdWetDog · Score: 2

    The last time "sophisticated" was attached to the word malware, a certain Middle East country had problems with its uranium-enrichment program. So what are the chances of this being the mobile version of the Stuxnet worm?

    About the same as the chances of anyone using an Android phone to concentrate uranium.

    Zero.

    --
    Faster! Faster! Faster would be better!
  13. Re:A lot like Windows after all by 0123456 · Score: 2

    Shame that Android is based on Linux then isn't it?..

    Linux can't stop Joe Sixpack from downloading malware from the Internet and installing it on his computer. At least, not without becoming another iThing that only allows installation of Jobs-approved software.

  14. Re:A lot like Windows after all by 0123456 · Score: 4, Informative

    Whenever anything bad happens on the android platform related to malware, trojans, etc this distinction is heavily downplayed.

    Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?

    Linux protects much better than Windows against remote attacks, it can't protect against stupid users.

  15. Re:A lot like Windows after all by KublaiKhan · Score: 2

    You're right, it isn't fair to blame Windows for user-supplied malware.

    However, that does not mean Windows is any more secure; not all windows malware is user-supplied.

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
  16. Re:A lot like Windows after all by 0123456 · Score: 2, Insightful

    And neither can Windows, yet it is always blamed for someone installing malware on their systems

    What's the percentage of Windows users who install malware on their system rather than being hit by a remote exploit?

    Pretty much every major Windows security story I've read in the last couple of years is due to some hole being exploited either in Windows or commonly used Windows software which lacks the sandboxing that's common on Linux (AppArmor, SELinux, etc), not users downloading trojans.

  17. Re:App names? by Anonymous Coward · Score: 2, Funny

    I've checked, and it turns out I'm not Chinese.

  18. Re:Easy to stop, & how to do so... apk by icebike · Score: 4, Insightful

    ANDROID OS allows for the usage of custom HOSTS files,

    None of that is necessary. Why even post this crap?

    Simply load your apps from the Android market instead of dodgy Chinese warz sites.

    --
    Sig Battery depleted. Reverting to safe mode.
  19. Sorry, Android still rocks by nicholas22 · Score: 2

    Even if fanbois from various camps jump with joy/sorrow with the news, I still think that the open model that Android brought to the mobile world will be much more beneficial for everyone (end users, developers, companies, etc.) in the long run, all things considered. People saying that the Apple model is better than Android's are not realizing this.

  20. Re:A lot like Windows after all by 4phun · Score: 2

    Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?

    Linux protects much better than Windows against remote attacks, it can't protect against stupid users.

    IMHO a strong case could be made that any non geek buying an Android product is by definition a 'stupid user' as there is a better user experience out there for the same price that they would have selected if they were smart.

  21. Punch Yourself in The Genitals ?: by bl8n8r · Score: 5, Insightful

    FTFA under "How it works":
    * Download and prompt the user to install an app
    * Prompt the user to uninstall an app

    Question: If you were asked to punch yourself in the genitals, would you still click "Ok" ?

    FTFA under "How to stay safe":
    * Only download applications from trusted sources
    * Always check the permissions an app requests

    I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed.  The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d.  Big surprise.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
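The two "How to stay safe" points quoted from the Lookout write-up in the comment above (trusted sources, and checking what an app asks for) can be turned into a pre-install permission audit. The script below is an added example written for this mirror, not code from the thread, from Lookout or from any project named here. It parses the `<uses-permission>` entries of a decoded AndroidManifest.xml and flags the combinations that give a game more reach than a game needs: a network channel plus personal data, and permissions that let the app act on its own or cost money. The permission strings are real Android permission names; the two sample manifests, the package name and the risk groupings are constructed assumptions for the demonstration.

```python
"""Pre-install permission audit for a decoded AndroidManifest.xml (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Constructed sample: manifest of a hypothetical repackaged game that, like the
# Trojanised games in the story, asks for far more than a game needs.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.monkeygame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Monkey Game"/>
</manifest>
"""

# Constructed sample: the same game asking only for what an ad-supported game
# plausibly needs.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.monkeygame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Monkey Game"/>
</manifest>
"""

# Risk groups: a reviewer's own grouping (assumption), not an Android concept.
# The permission names inside the sets are real Android permissions.
NETWORK = {"android.permission.INTERNET"}
PERSONAL_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",  # IMEI/IMSI: the "phone IDs" the thread mentions
    "android.permission.READ_SMS",
}
CONTROL_OR_COST = {
    "android.permission.SEND_SMS",                # premium-rate SMS, second outbound channel
    "android.permission.RECEIVE_BOOT_COMPLETED",  # restart itself after every reboot
}
# What a reviewer accepts for a game (assumption): network access for ads/scores.
GAME_EXPECTED = frozenset(NETWORK)


def short(perm):
    """android.permission.READ_CONTACTS -> READ_CONTACTS, for readable findings."""
    return perm.rsplit(".", 1)[-1]


def requested_permissions(manifest_xml):
    """Return the sorted list of <uses-permission> names declared in the manifest."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    names = {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}
    return sorted(names)


def audit(manifest_xml, expected=GAME_EXPECTED):
    """Compare declared permissions with what the app's stated purpose justifies.

    Returns the declared permissions, the ones outside `expected`, a list of
    human-readable findings, and a verdict of "ok" or "review".
    """
    perms = requested_permissions(manifest_xml)
    declared = set(perms)
    findings = []
    if declared & NETWORK and declared & PERSONAL_DATA:
        findings.append("network access plus personal data (%s): data can leave the phone"
                        % ", ".join(sorted(short(p) for p in declared & PERSONAL_DATA)))
    if declared & CONTROL_OR_COST:
        findings.append("control/cost permissions (%s): can act on its own or cost money"
                        % ", ".join(sorted(short(p) for p in declared & CONTROL_OR_COST)))
    return {
        "permissions": perms,
        "unexpected": sorted(declared - set(expected)),
        "findings": findings,
        "verdict": "review" if findings else "ok",
    }


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = audit(manifest)
        print("%s: %s (unexpected: %s)" % (label, result["verdict"],
                                            ", ".join(map(short, result["unexpected"])) or "none"))
        for finding in result["findings"]:
            print("  -", finding)
```

Run it against a manifest pulled from an APK you are about to sideload (apktool or aapt can dump it) and treat any "review" verdict as a reason to read the install-time permission screen slowly rather than tapping through it. One caveat the commenter's quote already hints at: the "download and prompt the user to install an app" behaviour needs no manifest permission of its own, since handing a downloaded APK to the package installer is an ordinary intent, so that step only becomes visible as an install prompt at runtime, which the user must decline.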
  22. Re:Easy to stop, & how to do so... apk by Pieroxy · Score: 2

    But that's the reason people buy Android phones, to have the freedom to do stupid things and install dodgy software?

    Right on. Choose your store, choose your virus. Android is much more of a general computing platform than iOS will ever be. And that's not always a good thing.

  23. Re:Easy to stop, & how to do so... apk by cmdr_tofu · Score: 2

    So your solution to malware is to have users jailbreak/root their phones, and put in a bogus hosts file so that the malware cannot resolve its "control server"? And you think that's solved the problem?

    Ok so what if the botnet uses IP addresses? Or the user does not have root access on their phone. Last and most important, your solution requires the user to know something about the malicious software they are installing, specifically what hostnames it would try to resolve, before installing it. If the user already knows the software is malicious, why would they install it?

  24. Re:A lot like Windows after all by Walter+White · Score: 2

    Ok I'll bite, what is 'Linux' doing to protect you from attacks that 'Windows' isn't?

    For starters, not trying to execute stuff that comes in from questionable routes like USB drives, CD and DVD ROMs, embedded in various files like jpegs, PDFs and so on.

    But you knew that because you're clearly not stupid.

  25. Thanks for proving me correct AGAIN by hairyfeet · Score: 2

    You know, I shouldn't respond to crazy people, but it really does illustrate my point beautifully. What did I say? What were my words? That you could not produce a SINGLE SHRED of actual mathematical proof that your magical woobie would scale, and that instead you would copypasta and troll bomb the entire thread.

    And what did you do? You posted some complete rambling bullshit about 0.99 (Is that your "magical number of protection" Petey?) which had exactly fuck all to do with your magical HOPES file, because you just can't do it can you Petey? You see, it is simple. Math doesn't fall for anecdotes, math doesn't pick sides, and no matter how many times you try to change the subject you STILL cannot show us how 18,000+ pieces of malware released per week + 1.3 million currently infected websites + 180,000+ websites added PER DAY to that list, with another 20,000-35,000 taken off that list PER DAY, can all be stopped by a static text file.

    You can't do it, changing the subject won't change the fact you can't do it, and no matter how hard you trollbomb or wish upon a star printing your magical .99 protection symbol, nothing you can do or say can change the fact that after repeated requests you still can't show your work and do the math showing that a static file can magically scale to those kinds of numbers. So give it up Petey, you can't do it. Admit you're a failure, accept it, and move on. Otherwise you can prove us all wrong by putting your supposed "genius" where your mouth is and show us the REAL figures and not your crazy VB6 math.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  26. Re:hairyfeet: What's the exact # of badsites? by hairyfeet · Score: 2

    And this coming from poor wittle APK, also known as "the idiot HOPES file guy"? As in you HOPES that one of the 300,000+ constantly changing array of websites that are infected doesn't happen to be the one you visit today? Or that you HOPES that nobody notices after repeatedly being asked you have FAILED to show even the tiniest shred of mathematical proof that your magical woobie can scale? That you HOPES nobody notices your only "proof" is anecdotes, often by your own sock puppets like Kingsjester?

    If there is ANYONE that should be LOLing it is me, for pointing out there are still morons that believe 16Mb HOPES files can do anything but block ads since ad servers are...what do you call it...oh yeah STATIC, just like your HOPES file, but really you are just kinda pathetic. You're like the idiot that just keeps hanging onto that three years out of date copy of Norton, because he is just so damned sure it still works, only the Norton guy is actually better protected than you are, since it did used to work in the past 5 years.

    So please, keep posting APK, I do so enjoy pointing out the total uber fail of your magical woobie so. I also personally consider it a public service to point people to solutions that actually work instead of relying on magical woobies and anecdotes. And of course bitch slapping you around is also quite fun!

    --
    ACs don't waste your time replying, your posts are never seen by me.