Android Mobile Malware has Botnet-like Indicators

Hackers are now focusing on users of Google’s Android mobile operating system with a malicious application that harvests personal identifiable information and sends it to a remote server from where the information can be accessed and used by the hackers.

The malware, known as ‘Geinimi’, appears to be the first of its kind and has botnet-like capabilities targeted at the Android operating system, according to a spokesperson at Lookout Mobile Securities, a company developing mobile security software.

According to Lookout, Geinimi appears to target Chinese-speaking users of Android, and they were alerted to the malware by an unnamed user who wrote a post about it on a forum.

Android Mobile Malware has Botnet like Indicators Android Mobile Malware has Botnet like Indicators

It was said that Geinimi was wrapped up in legitimate free and paid games for Android users. According to Lookout the game makers are unaware that their software is being used to distribute the malware.

Developers of identified games have been notified of the malware within their applications.

The majority of infected applications are found on third-party websites offering Android applications that have not been vetted for security.

Lookout is still in the process of analyzing Geinimi in order to determine the exact nature of information that is being transmitted.

Geinimi also logs and send the Android device’s location and other hardware identifiers, such as the IMEI and SIM card information to external servers. The malware can contact up to 10 domain names that are used to upload and store information to the server.

Due to Geinimi’s ability to contact multiple domains and obtain instructions from a command-and-control server, has lead Lookout to classify it with botnet-like capabilities.

Filed Under: NewsSecurity

Tags: , ,

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.