Geinimi: New Android Malware from China or Just a Hoax?

Geinimi is the latest scare in the Android world: a sophisticated piece of Android malware from China. It is designed to take control of a device and can even enroll the device in a botnet. However, there is a catch. All of this applies only if you install third-party apps from unofficial sources, since the trojanized apps were never distributed through the official Android Market.

TNW has warned users not to be scared by the threat alert on the Lookout security blog. In other words, the threat from this malware is limited, since the majority of Android users, who install only from the official Market, will never encounter it.

Lookout Security has reported that the malware spreads by being repackaged into otherwise legitimate Android applications, which are then distributed through third-party app markets. One warning sign is the set of permissions an app requests: in Android, if an application asks for more permissions than its stated purpose needs, there is a good chance it does more than it claims.

The current capabilities of Geinimi, as stated by Lookout, are:

Though we have seen Geinimi communicate with a live server and transmit device data, we have yet to observe an operational control server sending commands back to the Trojan. Our analysis of Geinimi’s code is ongoing but we have evidence of the following capabilities:

  • Send location coordinates (fine location)
  • Send device identifiers (IMEI and IMSI)
  • Download and prompt the user to install an app
  • Prompt the user to uninstall an app
  • Enumerate and send a list of installed apps to the server
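The permission check described above can be automated against an app's decoded AndroidManifest.xml (for example, as produced by apktool). The following is an added example, not code from the original post or from Lookout: it lists the permissions an app requests, reports those beyond what the reviewer expects for the app's stated purpose, and flags the combination that would let an app collect and transmit the kinds of data listed above (fine location, IMEI/IMSI). The grouping of permissions, the hypothetical "wallpaper app" baseline and both sample manifests are constructed for illustration.

```python
"""Audit an Android manifest for permissions beyond an app's stated purpose.

Added example (not from the original post or Lookout). Input is a decoded
AndroidManifest.xml; the manifests and the 'wallpaper app' baseline below
are constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Grouping is an assumption for this example: a network permission plus a
# permission that exposes location or device identifiers is the minimum an
# app needs to send that data to a remote server.
NETWORK = {"android.permission.INTERNET"}
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "fine location",
    "android.permission.ACCESS_COARSE_LOCATION": "coarse location",
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI/IMSI)",
}

# Baseline for a hypothetical wallpaper-changing app: it needs nothing
# beyond setting the wallpaper.
WALLPAPER_APP_EXPECTED = {"android.permission.SET_WALLPAPER"}

# Constructed manifest of a repackaged wallpaper app that also asks for
# network access, fine location and phone state.
TROJANIZED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Wallpapers"/>
</manifest>
"""

# Constructed manifest of the clean version of the same app.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <application android:label="Wallpapers"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def audit(manifest_xml, expected):
    """Compare requested permissions against a baseline for the app's purpose.

    Returns (excess, risks): the permissions requested beyond the baseline,
    and, when the app can also reach the network, a description of each
    sensitive excess permission whose data could be sent to a server.
    """
    requested = requested_permissions(manifest_xml)
    excess = requested - set(expected)
    risks = []
    if requested & NETWORK:
        for perm, what in SENSITIVE.items():
            if perm in excess:
                risks.append(f"{what} can be sent over the network ({perm})")
    return excess, risks


if __name__ == "__main__":
    for label, manifest in (("trojanized", TROJANIZED_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        excess, risks = audit(manifest, WALLPAPER_APP_EXPECTED)
        print(f"{label}: excess={sorted(excess)}")
        for r in risks:
            print(f"  RISK: {r}")
```

The baseline is the reviewer's judgement of what the app's stated purpose requires, which is exactly the comparison the paragraph above describes; the script only makes it repeatable. A permission by itself is not proof of malice (many legitimate apps request INTERNET for advertising), which is why the risk report is keyed on the combination of network access with location or identifier access rather than on any single permission.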

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.