Android Trojan Found, Spreading From Chinese App Stores
wiredmikey writes that researchers from Lookout Mobile have discovered a sophisticated Trojan targeting Android devices.
"The company says the mobile malware is 'The most sophisticated Android malware we've seen to date. Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.' What makes the Trojan different from most 'standard' mobile malware is that Geinimi is being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets."
Posting from my Androi^B^B BUY HERBAL VIAGRA
"When information is power, privacy is freedom" - Jah-Wren Ryel
Here's the story on the Lookout Blog.
Lookout Mobile appears to be in the process of trying to redefine "malware" to mean "software that sends more data about a phone to a remote server than Lookout think it should". This is not the standard definition of malware that we all know and love.
This Android "trojan" is not like regular viruses from the PC world in many ways. It cannot resist uninstallation. It cannot infect other applications. It cannot lie about what it will do - the permission screen states quite clearly what the apps in question have access to. It cannot steal your passwords or bank details.
There are legitimate questions to ask about apps that send phone IDs surreptitiously to some remote people, but calling these apps "trojans" or "malware" is dangerous; it makes people think they need a virus scanner for their phone when in reality they don't. That's exactly what "Lookout" want of course but it's no reason to believe them.
EWWWW!! It was in the back of the machine shop? And it was covered in WD40? EWWWWW!!1!
Prisencolinensinainciusol. Ol Rait!
Whenever anything bad happens on the Android platform related to malware, trojans, etc., this distinction is heavily downplayed.
Again, if I download and install malware on one of my Linux boxes, how is this a Linux problem?
Linux protects much better than Windows against remote attacks, it can't protect against stupid users.
ANDROID OS allows for the usage of custom HOSTS files,
None of that is necessary. Why even post this crap?
Simply load your apps from the Android market instead of dodgy Chinese warez sites.
Sig Battery depleted. Reverting to safe mode.
FTFA under "How it works":
* Download and prompt the user to install an app
* Prompt the user to uninstall an app
Question: If you were asked to punch yourself in the genitals, would you still click "Ok"?
FTFA under "How to stay safe":
* Only download applications from trusted sources
* Always check the permissions an app requests
I think it's pretty obvious the malware writers were not able to circumvent the normal Android security measures to get the software installed. The problem is that people who don't take responsibility to keep crap off their phones are going to get pwn3d. Big surprise.
boycott slashdot February 10th - 17th check out: altSlashdot.org
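Added example, not part of the thread or of Lookout's write-up: the summary says Geinimi is grafted onto repackaged copies of legitimate apps, and the quoted advice is to check the permissions an app requests, so this sketch diffs the permissions of a candidate build against the known-good original. It assumes the manifests are already decoded to text XML (for example with apktool); the package name, both manifests and the `SENSITIVE` watchlist are constructed for illustration and are not Geinimi's actual permission set.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a reviewer-chosen watchlist of real Android permissions,
# not the permission set Lookout reported for Geinimi.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
}

def requested_permissions(manifest_xml):
    """Return (package, set of permission names) from decoded manifest text."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    perms.discard(None)  # ignore malformed entries with no android:name
    return root.get("package"), perms

def permission_drift(original_xml, candidate_xml):
    """Compare a candidate build against the known-good original."""
    orig_pkg, orig = requested_permissions(original_xml)
    cand_pkg, cand = requested_permissions(candidate_xml)
    added = cand - orig
    return {
        "same_package": orig_pkg == cand_pkg,
        "added": sorted(added),
        "sensitive_added": sorted(added & SENSITIVE),
    }

def _manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    tags = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{tags}<application/></manifest>')

ORIGINAL = _manifest("com.example.game", ["INTERNET", "VIBRATE"])
REPACKAGED = _manifest("com.example.game", [
    "INTERNET", "VIBRATE", "WAKE_LOCK", "READ_CONTACTS",
    "SEND_SMS", "ACCESS_FINE_LOCATION", "READ_PHONE_STATE"])

if __name__ == "__main__":
    report = permission_drift(ORIGINAL, REPACKAGED)
    print("same package name:", report["same_package"])
    for perm in report["added"]:
        flag = "SENSITIVE" if perm in report["sensitive_added"] else "new"
        print(f"{flag:9} {perm}")
```

A matching package name with newly added sensitive permissions is the pattern worth a closer look; a clean diff only says the permission list is unchanged, not that the code is.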