Tweet

As the year ended, a new threat for the Android OS was found in ANDROIDOS_GEINIMI.A, which spread from certain third-party app stores in China.

This new threat spread using legitimate applications distributed via third-party stores. These versions, however, were Trojanized to add malicious code. These run completely in the background with no visible differences from the legitimate application. The added code steals a wide variety of information from the user’s phone such as:

• Installed/Running applications
• Subscriber information (IMSI number, SIM serial number, network provider, etc.)
• Phone information (IMEI number, manufacturer, model, etc.)
• Current user’s location (via GPS)

Some reports described this as a mobile botnet that is capable of issuing commands associated with botnets such as installing/removing apps. It also examines the user’s contact list and messages. However, it’s not clear if it can really act as a full botnet, as no commands have actually been sent to affected smartphones. What the people behind this attack will do with the wealth of information they gather remains unclear.

Trend Micro protects users via the just-launched Trend Micro™ Mobile Security for Android. In particular, it is capable of monitoring apps in real time and blocking the execution of malicious code: