Android trojan sign of mobile malware evolution
A new trojan targeting Google Android users, mostly in China, could be a sign that mobile malware is getting sophisticated in a hurry.
The trojan, dubbed Geinimi, contains botnet-like capabilities and may serve as proof that malware designed for the smartphone is evolving much faster than it did when PCs first arrived on the scene, said Kevin Mahaffey, CTO of Lookout Mobile Security, which recently discovered the malware and posted a technical analysis of it on Friday.
"This is certainly a great leap in advancement over previous instances of malware," Mahaffey said. "There is a reasonable thesis that mobile malware will increase trajectory and become advanced relatively quickly."
Geinimi is embedded in what appears to be a legitimate game for the Android device and targets mostly Chinese users visiting third-party download sites and application stores. Researchers have not seen it in the official Android Market.
"This trojan is being distributed and repacked inside of legitimate applications," Mahaffey said. "When a user tries to download the game, they are downloading the repackaged game. [But] they have no indication it is, in fact, malicious."
Once on the phone, the malware can trigger the device to send data, such as phone numbers, identification codes, text messages and contacts, back to a command-and-control server, said Tim Wyatt, principal security engineer at Lookout. Researchers, however, so far have seen no evidence of any commands being issued.
In addition, the server hub could force the infected device to send an SMS message to any phone of its choosing, opening the door for the device to text premium-rate numbers without the user's consent.
"We always try to ask ourselves what the incentives are for attackers, and premium SMS is a very powerful incentive," Mahaffey said. "It's easy-to-monetize malware."
Few Americans are believed to have been impacted.
"It is possible for U.S. users to stumble across these trojans if they're looking for pirated games, for example," Mahaffey said.
This represents the most elaborate piece of Android malware to date, Wyatt said.
In August, the first malicious program targeting smartphones running the Android operating system was detected, according to researchers at Kaspersky Lab. However, Geinimi seems to be taking cues from the PC threat environment, with its botnet-like functionality.
"This is a big step forward in terms of what we've seen," Wyatt said.
Users are encouraged to treat their mobile devices with the same sense of security they would their traditional computers, Mahaffey said. That includes being careful when visiting download sites or surfing the web.
There is more bad news for mobile users.
They often are first to arrive at phishing sites and are three times more likely to submit their login information than desktop users, according to a recent study by internet security firm Trusteer.
Mobile users are more likely to be duped because smartphones allow them to be online at all times, the study found. Also, it may be more difficult to spot a phishing site on a smartphone than a desktop.
By analyzing the log files of several web servers that were hosting phishing sites, researchers also discovered that eight times more iPhone users accessed phishing websites than Blackberry users. Many Blackberry users are issued their devices by a business and, as a result, may be more educated than iPhone users about the dangers of clicking on untrusted links.
Reporter Angela Moscaritolo contributed to this story.