That’s right, Geinimi is being dubbed the most advanced trojan on Android, despite the fact that we don’t really know its main purpose. Here is what we do know: upon installation, Geinimi finds the device’s location (coordinates) and sends the device identifiers (IMEI and IMSI) to remote servers. It will then download and prompt the user to install or uninstall an app and send a list of installed apps to a remote server. Right now, according to Lookout Mobile Security, the trojan appears to be an attempt to create an Android botnet. It gathers a lot of personal data and sends it to remote servers, and it can also receive commands from a remote server, allowing the owner of that server to control the infected device.
Geinimi is being distributed as part of repackaged apps available from third-party Chinese app stores. Infected apps include Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010, all distributed in China. This reinforces the point that third-party applications should only be downloaded and installed from trusted sites. Note that the original apps in the Android Market are trojan-free and that this threat applies only to a very limited number of repackaged applications available in China.
Related links
– Security Alert: Geinimi, Sophisticated New Android Trojan Found in Wild