
new droid trojan on the horizon

  • TSCM/SO Group
    Message 1 of 1, Jan 3, 2011
      New Android Trojan Found, simple countermeasure: watch what you download and
      run, or wipe and reload if it's too late. DO NOT go to the URLs listed after
      the brief.

      http://phandroid.com/2010/12/29/new-android-trojan-found/


      Just when you thought it was safe to run around installing any apk you can
      get your hands on. Mobile security team Lookout is reporting a new trojan
      that is making the rounds, dubbed "Geinimi". It's essentially being
      "grafted" on to legitimate applications, mainly games, and distributed into
      third party App stores. So far, it has only been downloaded from
      applications hosted by Chinese App Markets.
      Unfortunately, from the information gathered so far, Lookout isn't entirely
      sure what this trojan is capable of once it has made its way onto a user's
      device, and says the possibilities range from creating "a malicious
      ad-network to an attempt to create an Android botnet". What they do know is
      that it can collect a device's unique identifiers such as the IMEI and IMSI
      and every five minutes it will attempt to connect to one of several domains:

      We do not recommend going to these domains, they are only here for
      informational purposes!
      widifu . com
      udaore . com
      frijd . com
      islpast . com
      piajesj . com

      If a connection is successful it transmits the information it has gathered.
      Through Lookout's analysis of the trojan, it has been found to have the
      following capabilities:

      Send location coordinates
      Send device identifiers
      Download and prompt a user to install an app
      Prompt a user to uninstall an app
      Enumerate and send a list of installed apps to the server

      While the infected files seem to be contained to the Chinese market for now,
      we can all take this as a refresher that no device is 100% safe from these
      types of threats and a small amount of common sense and intuition can
      prevent a lot of headache.



      Mitch Davis
      TSCM/Special Operations Group
      20 Music Square West, Suite 208
      Nashville, TN 37203 USA
      615 251 0441
      Fax 615 523 0300
      mitchd@...
      <http://www.tscmusa.com> www.tscmusa.com

      "maintaining a higher degree of excellence"
      ******************************
      Tools for investigators at <http://www.covertworx.com> www.covertworx.com

      CONFIDENTIALITY NOTICE: This communication may contain privileged or other
      confidential information, protected from disclosure under applicable law. If
      you are not the intended recipient, or the employee or agent responsible for
      delivering the message to the intended recipient, or if you believe that you
      have received this communication in error, please do not print, copy,
      retransmit, disseminate, or otherwise use the information contained herein.
      Also, please indicate to TSCM Group via phone or fax that you have received
      this e-mail in error, and delete the copy you have received. Thank you.




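The brief above gives two things a defender can act on: the five C2 domains (listed defanged with spaces so they are not clickable) and the behaviour of checking in with one of them every five minutes. The following script is an added example, not part of the original message or of Lookout's analysis. It refangs the listed domains, scans DNS resolver log lines for lookups of them (or of any subdomain), and flags clients whose lookups recur at roughly a five-minute period. The BIND-style log format and every sample line in it are constructed for illustration; the 10.0.0.x addresses are not real hosts, and parse_line() would need adjusting for another resolver's format.

```python
"""Hunt for Geinimi-style beaconing in DNS query logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Domains exactly as listed in the post, defanged with " . " so they are not
# clickable; refang() turns them back into real hostnames for matching.
DEFANGED_IOCS = [
    "widifu . com",
    "udaore . com",
    "frijd . com",
    "islpast . com",
    "piajesj . com",
]

# Constructed BIND-style query log lines (assumed format, not real traffic).
# 10.0.0.5 looks up an IOC domain every ~5 minutes; 10.0.0.7 hits one once.
SAMPLE_LOG = """\
03-Jan-2011 10:00:00.101 client 10.0.0.5#43210: query: widifu.com IN A +
03-Jan-2011 10:00:07.220 client 10.0.0.9#51001: query: www.example.com IN A +
03-Jan-2011 10:05:01.350 client 10.0.0.5#43211: query: udaore.com IN A +
03-Jan-2011 10:07:45.000 client 10.0.0.9#51002: query: phandroid.com IN A +
03-Jan-2011 10:10:02.900 client 10.0.0.5#43212: query: frijd.com IN A +
03-Jan-2011 10:12:00.000 client 10.0.0.7#40000: query: cdn.widifu.com IN A +
03-Jan-2011 10:15:00.430 client 10.0.0.5#43213: query: widifu.com IN A +
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def refang(defanged):
    """'widifu . com' -> 'widifu.com' (lowercased, trailing dot stripped)."""
    return [re.sub(r"\s*\.\s*", ".", d).strip().lower().rstrip(".") for d in defanged]


def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
    return ts, m.group("ip"), m.group("qname").lower().rstrip(".")


def matches_ioc(qname, iocs):
    """True for the IOC domain itself or any subdomain of it (not 'evilwidifu.com')."""
    return any(qname == d or qname.endswith("." + d) for d in iocs)


def find_ioc_hits(log_text, iocs):
    """Map client IP -> chronologically sorted list of (timestamp, qname) IOC lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, qname = parsed
        if matches_ioc(qname, iocs):
            hits[ip].append((ts, qname))
    for ip in hits:
        hits[ip].sort()
    return dict(hits)


def flag_beacons(hits, period_s=300, tolerance_s=30, min_intervals=2):
    """Clients whose consecutive IOC lookups are spaced about period_s apart.

    The post says the trojan checks in every five minutes, so a repeating
    interval near 300 s is a stronger signal than a single lookup; one-off
    hits remain in `hits` for triage but are not flagged here.
    """
    flagged = {}
    for ip, events in hits.items():
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        periodic = [g for g in gaps if abs(g - period_s) <= tolerance_s]
        if len(periodic) >= min_intervals:
            flagged[ip] = {"lookups": len(events), "periodic_gaps": len(periodic)}
    return flagged


if __name__ == "__main__":
    iocs = refang(DEFANGED_IOCS)
    hits = find_ioc_hits(SAMPLE_LOG, iocs)
    for ip, events in hits.items():
        print(ip, [q for _, q in events])
    print("beaconing:", flag_beacons(hits))
```

Run it as-is to see the constructed data flagged: 10.0.0.5 is reported with four IOC lookups and three ~300 s gaps, while 10.0.0.7 appears in the raw hits (one lookup of a subdomain) but is not flagged as beaconing. The suffix match in matches_ioc() is deliberate, since a C2 domain may be contacted via a subdomain, but it requires the dot boundary so unrelated names sharing a suffix are not matched.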