New Android Trojan horse could prove costly

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Evil AndroidSome vendors are calling it HongTouTou, others have named it Adrd, and Sophos (rather unimaginatively in my view!) treats it as a variant of Geinimi, but whatever your anti-virus product chooses to call it, there’s no denying that a new Trojan horse for Android smartphones is making headlines.

The latest Trojan horse for Google’s Android operating system has been seen posing in Chinese third-party app stores as legitimate programs such as Wallpaper apps.

The official Android Market, run by Google, does not appear to be carrying the malicious apps – but if you go “off-road” and choose to install software on your smartphone from elsewhere on the net, then you could be putting your device at risk.

Android application settingsFor this reason, the vast majority of Android users probably have little to fear. But those who do install applications from unknown sources (known as “sideloading”) do need to recognise that they might be putting their smartphone, data and potentially finances in danger.

Sign up to our free newsletter.
Security news, advice, and tips.

Once installed, the malicious application can not only gather information about your smartphone (the device’s IMEI and IMSI), but it can also emulate clicks on particular search results – giving the visited websites the impression that it is a real mobile phone user choosing to visit their pages.

The assumption has to be that those behind the Trojan horse might be earning commission through the click traffic. Furthermore, of course, it could hurt you in your pocket by eating up data bandwidth.

Interestingly, the malicious code appears to have the ability to download updates for itself via the web, which could contain additional functionality.

Sophos has been detecting the Trojan as a variant of Troj/Geinimi-A since 00:15 BST on 15 February 2011.

For more information about the Trojan, check out the blog entry from the mobile security researchers at Lookout.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.