Chinese trojan attacks Android

A new trojan originating in China is attacking devices using the Android operating system.

The Geinimi malware has been discovered in a number repackaged games and potentially can transmit personal data and receive commands from a remote server which can llow the owner of that server to take control of the device according to mobile insecurity outfit Lookout.

Geinimi is being grafted into legitimate software and redistributed via third party Android apps markets in China.

Reports indicate that applications downloaded from the official Google Android Market are as yet unaffected.

"When a host application containing Geinimi is launched on a user’s phone, the Trojan runs in the background and collects significant information that can compromise a user’s privacy," warns Lookout. "The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names."

A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.

Lookout says that the malware's authors have "raised the sophistication bar significantly" over previous attacks by using encryption techniques to effectively hide the nefarious activity.

Of course, Lookout says that users of its free AV software are already protected.