Geinimi Android Trojan horse discovered

Graham Cluley

There has been something of a sting in the tail of the year for lovers of the Android mobile operating system, as researchers uncovered a new Trojan horse.

The Troj/Geinimi-A malware (also known as “Gemini”) has been seen incorporated into repackaged versions of various applications and games, and attempts to steal data, and may contact remote URLs.

Although some media reports have portrayed Geinimi as the first ever malware for the Google Android operating system, this isn’t correct. For instance, in the past banking malware has been found in the Android Market, security researchers have demonstrated spyware rootkits for Android devices, and users have been warned about Trojans from Russia which send SMS text messages to premium-rate numbers.

In the case of the Geinimi malware, the good news is that it appears not to have made it into the official Android market app store – meaning that you would only have been putting yourself at risk if you installed poisoned software from an unauthorised source. Researchers at mobile security firm Lookout say they have only seen the software on unofficial Chinese app stores.

And you have to deliberately change the settings on your Android smartphone to make it possible to install software from such “unknown sources”.

So, the sky is not falling – and it’s not the end of the world as we know it if you love all things Android. But Android users should still be sensible about security.

Android is a much more “open” operating system than the Apple iOS used on iPhones and iPads, and Android users don’t have to jump through as many hoops to install applications that have not been made “officially” available.

And, it shouldn’t be forgotten that not all attacks are OS-specific. Phishing attacks, for instance, don’t care what operating system you’re running – they just rely on you not taking enough care about the link you are clicking on (something that’s pretty easy to do when you have a small screen size to view a – perhaps – long URL).

And increasingly we are seeing examples of threats which only exist “within the browser” or spreading entirely inside a social network, never touching your smartphone’s operating system.

So there are dangers out there whatever kind of browsing device you are using. Desktop or laptop, mobile or tablet.

Sophos products can detect samples of the Geinimi Trojan we have seen to date as Troj/Geinimi-A.

Image source: Laihiu’s Flickr photostream. (Creative Commons)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
