Geinimi - Trojan in Android OS Stealing User Data

Geinimi – Trojan in Android OS Stealing User Data

People who have an high end business data storage in their smart phones have started preferring to use the mobile handsets which have been powered by Android OS . They are preferring Android OS because it has Linux-based kernel, which is believed to be the most secure and safe architecture.

But few weeks back it was found that hackers have created Mariposa botnet an Android targeting stuff. And now Geinimi an trojan has been introduced into the Androids by the hackers which steals the user data and sends it to multiple remote servers.

It spread via games package. The whole process is in sequence. First when the Android user downloads untrusted game packs generally from chinese app stores , while installing them the apps ask for broader level of permissions from the user to install the game. When they are installed they send the following information to the remote servers:

- Send location coordinates (fine location)

- Send device identifiers (IMEI and IMSI)

- Download and prompt the user to install an app

- Prompt the user to uninstall an app

- Enumerate and send a list of installed apps to the server

In turn the remote servers send instructions to the app and the trojan does it work then.

At present neither the remote servers have been identified nor the purpose of the trojan is identified.

It can be said that Geinimi works like Botnet for Android. And also can be added that Confidential data is not even secure in Android Based Devices.

It is Better advised to download Android Apps from trusted App Stores and read the permission level report before granting the permissions to the app you install.

Rating: 0.0/5 (0 votes cast)