Surprisingly sophisticated mobile malware targets Android

Identity theft is down, but your phone is working for the bad guys


From the good news/bad news department:

The cost of identity theft dropped by a third in the U.S. during 2010, to $37 billion, compared to $56 billion in 2009, according to a survey of consumer fraud from security and financial analysis researchers Javelin Strategy and Research.

On the other hand, the number of pieces of malware designed for cellphones rose 46 percent in 2010 compared to 2009, according to security vendor McAfee's most recent quarterly Threats Report.

The report identified 20 million new pieces of malware of all kinds, for a total of 55 million. Thirty-six percent of those were created during 2010.

Of the mobile malware, "one of the most important threats of the quarter" was a Trojan called Android/Geinimi that can steal data on both phones and SD cards. It travels through infected applications, usually downloaded from third-party sites, a pathway known as "side-loading" because the apps don't come from the primary Android apps market.

Geinimi first showed up in China toward the end of the year, travelling by grafting itself onto legitimate software in Chinese third-party Android app markets, according to smartphone security software vendor Lookout.

When the infected application runs, Geinimi launches in the background and collects private information, including unique identifiers for the device and SIM card. Every five minutes it tries to upload the information to one of ten domain names, sometimes communicating with live servers, sometimes not.
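The five-minute upload schedule described above leaves a regular pattern in network logs that defenders can look for. The sketch below is an added example, not code from Lookout or McAfee; the event format, thresholds, device names and `example.invalid` domains are assumptions constructed for illustration.

```python
from collections import defaultdict

PERIOD = 300      # seconds: the five-minute upload interval described above
TOLERANCE = 10    # assumed allowance (s) for scheduler and network jitter
MIN_SLOTS = 6     # assumed threshold: six on-schedule contacts (~30 minutes)
MAX_DOMAINS = 10  # the article describes a pool of ten domain names

def build_sample():
    """Constructed events (epoch_seconds, device, domain); no real indicators."""
    pool = ["c1.example.invalid", "c2.example.invalid", "c3.example.invalid"]
    jitter = [0, 3, -2, 4, 1, -3, 2, 0]
    events = [(1000 + PERIOD * k + jitter[k], "phone-a", pool[k % 3]) for k in range(8)]
    events += [(t, "phone-a", "mail.example.invalid") for t in (1130, 1790, 2655)]
    events += [(t, "phone-b", "news.example.invalid")
               for t in (1010, 1075, 1460, 1533, 2290, 2900, 3105)]
    return events

def phase_distance(a, b):
    """Distance between two phases on a circle of length PERIOD."""
    d = abs(a - b) % PERIOD
    return min(d, PERIOD - d)

def find_beacons(events):
    """Return {device: {"slots": n, "domains": [...]}} for schedule-locked traffic."""
    by_device = defaultdict(list)
    for ts, device, domain in events:
        by_device[device].append((ts, domain))
    findings = {}
    for device, rows in by_device.items():
        best_slots, best_domains = set(), set()
        # Try every event as the start of a candidate five-minute schedule.
        for anchor, _ in rows:
            hits = [(ts, dom) for ts, dom in rows
                    if phase_distance(ts % PERIOD, anchor % PERIOD) <= TOLERANCE]
            slots = {round((ts - anchor) / PERIOD) for ts, _ in hits}
            if len(slots) > len(best_slots):
                best_slots, best_domains = slots, {dom for _, dom in hits}
        # Many distinct on-schedule slots spread over a small domain pool is the
        # pattern of interest; ordinary browsing rarely shares one phase.
        if len(best_slots) >= MIN_SLOTS and len(best_domains) <= MAX_DOMAINS:
            findings[device] = {"slots": len(best_slots), "domains": sorted(best_domains)}
    return findings

if __name__ == "__main__":
    for device, info in find_beacons(build_sample()).items():
        print(device, info)
```

Matching on the shared phase across all of a device's traffic, rather than per domain, is what lets the check survive rotation through several domain names.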

The Trojan can also download or launch an additional app to help it work, though the owner still has to approve the launch of the new app.

Lookout describes the Trojan as a new level of sophistication in Android malware, partly for the multifaceted infection mechanism, partly for the ways it tries to hide itself on the phone using code from "an off-the-shelf bytecode obfuscator" (which is my new favorite phrase in geekspeak).

Geinimi could be doing anything from just swiping information to building a highly mobile botnet; it's hard to be sure, according to Lookout.

It's more traditional and data-focused than a newer, even more innovative bit of malware created by researchers at the University of Hong Kong and Indiana University, just to prove they can do it.
