
Geinimi: a fancy trojan for Android

An interesting new Trojan, named Geinimi in English, has been discovered on Chinese websites.

According to experts at Lookout Mobile Security, “this is the most sophisticated malware for Android among everything that has come to this day”, because earlier Trojans did not use such concealment techniques. In particular, Geinimi uses a ready-made bytecode obfuscator, and parts of the program are encrypted, which makes the program difficult for researchers to analyze.

At the moment, the Trojan is distributed from Chinese software catalogs in packages with the games Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense, and Baseball Superstars 2010. It is assumed that Geinimi will soon be bundled with Android applications on other sites, including outside China. So far, however, no application on Google Android Market has been infected; in particular, the original versions of the games listed above on Google Android Market do not contain the Trojan. If it appears there, it will be reported separately.

After downloading the infected program, the user has to confirm installation of an application from an “unknown source” (“Unknown sources”).
The program runs in the background and collects personal data: the device's coordinates and its IMEI and IMSI numbers. Then, at one-minute intervals, it attempts to contact one of ten remote servers (www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com, www.piajesj.com, etc.), to which all the collected information is sent. Other capabilities of the Trojan include installing programs on the phone, removing programs from the phone (both with the user's permission), and listing all installed programs and sending the list to a remote server.
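
The behaviour described above (contact with one of the named servers roughly once a minute) can be checked for in DNS or proxy logs. The following Python code is an added example, not part of the original article or of Lookout's analysis; the log format (`timestamp client name` per line), the sample lines and the function name are constructed assumptions, and only the five hostnames the article names are used.

```python
from collections import defaultdict
from datetime import datetime

# The five server names the article lists (it says there are ten in total).
GEINIMI_DOMAINS = {"www.widifu.com", "www.udaore.com", "www.frijd.com",
                   "www.islpast.com", "www.piajesj.com"}

# Constructed sample log; assumed format: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2011-01-03T10:00:00 10.0.0.21 www.widifu.com
2011-01-03T10:00:07 10.0.0.35 www.example.org
2011-01-03T10:01:01 10.0.0.21 www.udaore.com
2011-01-03T10:02:00 10.0.0.21 www.frijd.com
2011-01-03T10:02:30 10.0.0.35 WWW.ISLPAST.COM.
2011-01-03T10:03:02 10.0.0.21 www.widifu.com
2011-01-03T10:04:00 10.0.0.35 www.example.org
"""

def find_geinimi_contacts(log_text, interval=60, tolerance=5, min_hits=3):
    """Return {client: {"hits", "domains", "periodic"}} for clients that queried a listed name."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, name = parts
        name = name.lower().rstrip(".")  # DNS names are case-insensitive; drop the root dot
        if name in GEINIMI_DOMAINS:
            seen[client].append((datetime.fromisoformat(ts), name))
    report = {}
    for client, hits in seen.items():
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        # Periodic: enough contacts and every gap close to the one-minute interval.
        # Gaps are measured across all listed names, since any of the servers may be contacted.
        periodic = len(hits) >= min_hits and all(abs(g - interval) <= tolerance for g in gaps)
        report[client] = {"hits": len(hits),
                          "domains": sorted({n for _, n in hits}),
                          "periodic": periodic}
    return report

if __name__ == "__main__":
    for client, info in sorted(find_geinimi_contacts(SAMPLE_LOG).items()):
        print(client, info)
```

A client with a single hit and no periodicity still appears in the report, so it can be triaged separately from devices showing the one-minute pattern.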

It is also the first Android program capable of taking part in a botnet: the Trojan can receive remote commands. Researchers, however, have not yet been able to verify how this works.

Source: https://habr.com/ru/post/110950/

