In China, a trojan has popped up that uses escalated rights to read out information such as the address book in Android cell phones, and sends the information via the internet to remote servers. As the Lookout blog reports, the contaminant called Geinimi is the most refined method of collecting personal data yet, as it not only acts independently, but can also be remotely controlled by a server. Geinimi hides itself by encrypting the data it needs to run and by using an obfuscator for Java byte code.
In addition to the address book, the trojan can also read out the cell phone's position data, device ID (IMEI), SIM card number (IMSI), and a list of the installed apps. It is not yet clear what the developers of Geinimi are ultimately trying to do.
Geinimi comes as an add-on for common apps, most of them games sold in third-party app catalogues. According to the Lookout blog, the following applications are affected: Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010. The similarly named apps from the official Android Market are reportedly not infected. If you get your apps from obscure sources, you will want to be careful not to give them unlimited rights, which the apps request upon installation; instead contact the vendor to see what rights are actually needed.
