A mobile security firm has detected a new Trojan that it says can turn Android smartphones into botnet-like devices. Dubbed “Geinimi” based on its first known incarnation, the Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers, reports Lookout Mobile Security. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.
At the moment, however, the Trojan is only being distributed through third-party Chinese app stores and has not been seen on any of the more legitimate app stores or the official Android Market.
According to Lookout, when a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy. The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names.
Although Lookout has seen Geinimi communicate with a live server and transmit device data, the firm says it has yet to observe a fully operational control server sending commands back to the Trojan.
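A defender's view of the five-minute check-in described above, as an added example that is not from Lookout or the original article: it flags devices in a DNS query log whose lookups recur about every 300 seconds across at most ten names. The log format, placeholder domains, jitter tolerance and thresholds are assumptions, as is the idea that a different embedded name may be used on each attempt.

```python
from collections import defaultdict
from statistics import median

BEACON_PERIOD_S = 300  # five-minute interval reported for Geinimi
MAX_DOMAINS = 10       # ten embedded domain names reported
TOLERANCE_S = 20       # assumed jitter allowance
MIN_EVENTS = 6         # assumed: need several check-ins before flagging


def build_sample_log():
    """Constructed DNS log: (epoch seconds, device id, queried name).
    Names under example.test are placeholders, not real indicators."""
    log = []
    for i in range(8):  # dev-A: periodic lookups rotating over three names
        log.append((1000 + i * 300 + i % 3, "dev-A", f"c{i % 3}.example.test"))
    for i in range(8):  # dev-A: unrelated mail polling on another cadence
        log.append((1100 + i * 170, "dev-A", "mail.example.test"))
    for ts in (1010, 1050, 1400, 1420, 3100):  # dev-B: bursty browsing
        log.append((ts, "dev-B", "news.example.test"))
    return sorted(log)


def find_beaconing(log, allowlist=frozenset()):
    """Return {device: sorted names} for devices whose non-allowlisted
    lookups recur every BEACON_PERIOD_S over at most MAX_DOMAINS names."""
    per_device = defaultdict(list)
    for ts, device, name in log:
        if name not in allowlist:
            per_device[device].append((ts, name))
    hits = {}
    for device, events in per_device.items():
        names = {name for _, name in events}
        if len(events) < MIN_EVENTS or len(names) > MAX_DOMAINS:
            continue
        events.sort()
        # Measure gaps per device, not per name: with rotation, each single
        # name recurs far less often than the device's overall check-in rate.
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        on_period = sum(abs(g - BEACON_PERIOD_S) <= TOLERANCE_S for g in gaps)
        steady = abs(median(gaps) - BEACON_PERIOD_S) <= TOLERANCE_S
        if steady and on_period >= 0.8 * len(gaps):
            hits[device] = sorted(names)
    return hits


if __name__ == "__main__":
    print(find_beaconing(build_sample_log(), frozenset({"mail.example.test"})))
```

Without the allowlist, dev-A's mail polling interleaves with the check-ins and hides the cadence, so known-good names need to be filtered out before the gaps are measured.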