As the year ended, a new threat to the Android OS emerged: ANDROIDOS_GEINIMI.A, which spread from certain third-party app stores in China.
This new threat spread through versions of legitimate applications distributed via third-party stores. These versions, however, were Trojanized to add malicious code. The added code runs completely in the background, with no visible differences from the legitimate application. It steals a wide variety of information from the user’s phone, such as:
- Installed/Running applications
- Subscriber information (IMSI number, SIM serial number, network provider, etc.)
- Phone information (IMEI number, manufacturer, model, etc.)
- Current user’s location (via GPS)
Some reports described this as a mobile botnet that is capable of issuing commands associated with botnets, such as installing or removing apps. It also examines the user’s contact list and messages. However, it’s not clear whether it can really act as a full botnet, as no commands have actually been sent to affected smartphones. What the people behind this attack will do with the wealth of information they gather remains unclear.