The future of computing is mobile, and, unfortunately, the future of malware will probably lie there too. Well-funded mobile security startup Lookout has just posted a blog entry detailing what it calls “the most sophisticated Android malware to date”: a Trojan that’s being “grafted” onto legitimate applications. Fortunately, the odds of you being affected are quite low.
The Trojan in question has only been seen on third-party Android app marketplaces in China, which aren’t accessible without turning on “Unknown Sources” from Android’s settings menu (the vast majority of users only download applications via the official Android Market). And the infected applications request access to far more of the user’s data than they normally would (users have to approve these requests before installing an app), which can tip users off that something is amiss.
But, if you’re unlucky enough to have cleared those hurdles, here are some of the details on what Lookout believes the Trojan is capable of:
Though we have seen Geinimi communicate with a live server and transmit device data, we have yet to observe a fully operational control server sending commands back to the Trojan. Our analysis of Geinimi’s code is ongoing but we have evidence of the following capabilities:
Send location coordinates (fine location)
Send device identifiers (IMEI and IMSI)
Download and prompt the user to install an app
Prompt the user to uninstall an app
Enumerate and send a list of installed apps to the server
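The article notes that a trojanized app asks for far more of the user's data than the legitimate version would, and the capability list above says which data: fine location, IMEI/IMSI, and a channel to a remote server. An app's AndroidManifest.xml declares every permission it requests, so the mismatch can be checked mechanically. The following is an added example, not code from Lookout or from the article: it parses the uses-permission entries of two constructed manifests (a clean one and a version with extra permissions grafted on) and reports which of the capabilities above the excess permissions would enable. Permission names are the real Android ones; the app names, baselines and manifests are made up for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that gate the data the article says the Trojan sends out.
# Enumerating installed apps needed no permission on Android at the time,
# so that capability cannot be seen in a manifest and is deliberately absent.
CAPABILITY_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION": "send fine location",
    "android.permission.READ_PHONE_STATE": "read IMEI/IMSI",
    "android.permission.INTERNET": "talk to a remote server",
}

# Constructed sample: what a hypothetical wallpaper app legitimately needs.
CLEAN_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

# Constructed sample: the same app with location and phone-identity access grafted on.
TROJANIZED_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

# Hypothetical baseline: the permissions the genuine app is known to request.
WALLPAPER_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.SET_WALLPAPER",
}


def requested_permissions(manifest_xml: str) -> set[str]:
    """Return every android:name value of a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"  # attribute is in the android namespace
    return {
        el.attrib[name_attr]
        for el in root.iter("uses-permission")
        if name_attr in el.attrib
    }


def excess_permissions(manifest_xml: str, baseline: set[str]) -> list[str]:
    """Permissions requested beyond what the genuine app is known to need."""
    return sorted(requested_permissions(manifest_xml) - baseline)


def exfiltration_profile(permissions) -> list[str]:
    """Which of the article's capabilities the given permission set would allow."""
    return sorted(
        CAPABILITY_PERMISSIONS[p] for p in permissions if p in CAPABILITY_PERMISSIONS
    )


def assess(manifest_xml: str, baseline: set[str]) -> dict:
    """Verdict for one manifest against its baseline.

    'suspicious' is set when the app both exceeds its baseline and holds every
    permission needed for the full location + identity + network profile.
    """
    extra = excess_permissions(manifest_xml, baseline)
    enabled = exfiltration_profile(requested_permissions(manifest_xml))
    return {
        "excess": extra,
        "enables": enabled,
        "suspicious": bool(extra) and len(enabled) == len(CAPABILITY_PERMISSIONS),
    }


if __name__ == "__main__":
    for label, manifest in (("clean", CLEAN_MANIFEST), ("trojanized", TROJANIZED_MANIFEST)):
        print(label, assess(manifest, WALLPAPER_BASELINE))
```

The baseline is the important input: on its own, READ_PHONE_STATE or INTERNET is common in legitimate apps, so the check only means something when compared against what the genuine version of that app requests, which is exactly the comparison the article says a careful user makes at install time.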
Lookout writes that this is more sophisticated than previously discovered malware because it attempts to hide what it’s doing through encryption and bytecode obfuscation. It also says that this is the first Android malware that could potentially be used to create a botnet, though it hasn’t seen any instances of a server actually communicating with the Trojan yet:
Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.
One other thing to note: Lookout is in the business of mobile phone security — it offers applications for Android, BlackBerry, and Windows mobile — so it obviously stands to benefit from exposing these exploits.