Geinimi Android malware has 'botnet-like' capabilities

Lookout Mobile Security warned that it identified a new Android Trojan named Geinimi that is built to lift and transmit personal data from a user's phone and ship it to a remote server.

If you've read any number of 2011 security prediction lists, you've no doubt noticed that mobile malware ranked near the top of each. Not that mobile security predictions took much of a crystal ball or stretch of the imagination to make, but the world didn't even have to wait for the clock to strike midnight on Jan. 1 to see them start to come to fruition.

On Dec. 29, mobile security specialists Lookout Mobile Security identified a new Android Trojan named Geinimi, built to lift and transmit personal data from a user's phone and ship it to a remote server. "The most sophisticated Android malware we've seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allows the owner of that server to control the phone," the company wrote in its blog.

Looks like mobile malware is starting to grow up. As more of these devices edge their way into the hands of executives and corporate networks, the danger to data is clear. Not only is any proprietary data held on these phones at risk, but so is authentication data such as passwords, usernames and other credentials.

There's no easy solution for organizations, analysts say. "If you think you are going to be able to successfully ban these devices, you are fooling yourself," says Pete Lindstrom, research director at Spire Security. "The only clear short-term answer is to increase awareness among employees. You have to reach out to them and make sure they know that data on these devices can be placed at risk," he says.

Geinimi isn't the first Android Trojan to be found in the wild. Last summer Trojan-SMS AndroidOS FakePlayer, identified by Kaspersky Labs, would send text messages to premium services, potentially piling charges on users. That malware was limited to telecommunications networks in Russia.

Also last week, the BBC reported that researchers revealed how easy it is, using a toolkit they developed, to eavesdrop on any mobile call or text message made on a GSM network. Karsten Nohl and Sylvain Munaut demonstrated the toolkit at the 27th annual Chaos Computer Club Congress (CCC) in Berlin.

Where the attackers head, investors see opportunity. Lookout Mobile Security announced on Dec. 23 that it raised an additional $19.5 million in third-round funding led by Index Ventures. The round also included Accel Partners and Khosla Ventures.
