Hackers are targeting users of Google's Android mobile operating system with a malicious application that harvests personal information and sends it to a remote server.
The malware, which has been named "Geinimi," appears to be the first with botnet-like capabilities to target the Android platform.
The tampered applications are appearing on third-party websites offering Android applications that have not been vetted for security. Some of those programs appear to have been downloaded thousands of times. The malware communicates with a central command-and-control server. The server can issue commands to a phone remotely, such as to download or uninstall software.
Geinimi also sends the Android device's location and other hardware identifiers, such as the device's International Mobile Equipment Identity (IMEI) number and SIM card information, to a remote server every five minutes. It can also send a list of the Android device's installed applications. The malware can contact up to 10 domain names that are used to upload the information to the remote server.
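The five-minute upload interval and the limit of 10 domains give network defenders a traffic pattern to look for. The following is an added example, not code from the article or from any vendor analysis: it scans a constructed proxy log for devices that call out at roughly five-minute intervals to a small set of domains. The log format, device names, domains, jitter allowance, minimum event count and the `known_good` allowlist are all assumptions.

```python
from collections import defaultdict
from statistics import median

PERIOD, JITTER = 300, 20  # article's five-minute interval; jitter is assumed
MAX_DOMAINS, MIN_EVENTS = 10, 6  # article's domain limit; assumed minimum sample

# Constructed proxy log: "<epoch seconds> <device> <domain>"; placeholder names.
SAMPLE_LOG = """\
1000 phone-a c2-a.example
1010 phone-b news.example
1075 phone-b mail.example
1100 phone-a cdn.example.com
1301 phone-a c2-b.example
1598 phone-a c2-a.example
1750 phone-a cdn.example.com
1900 phone-b news.example
1902 phone-a c2-c.example
1940 phone-b shop.example
2200 phone-a c2-b.example
2503 phone-a c2-a.example
2801 phone-a c2-c.example
2900 phone-b mail.example
2950 phone-b news.example
"""

def find_beaconing(log, known_good=frozenset()):
    """Return {device: domains} for devices calling out about every PERIOD s."""
    by_device = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        if parts[2] not in known_good:  # ignore allowlisted destinations
            by_device[parts[1]].append((int(parts[0]), parts[2]))
    findings = {}
    for device, events in by_device.items():
        events.sort()
        domains = sorted({d for _, d in events})
        if len(events) < MIN_EVENTS or len(domains) > MAX_DOMAINS:
            continue
        # Gaps are measured across all domains, since the uploads may rotate.
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        on_period = sum(abs(g - PERIOD) <= JITTER for g in gaps)
        if abs(median(gaps) - PERIOD) <= JITTER and on_period >= 0.8 * len(gaps):
            findings[device] = domains
    return findings

if __name__ == "__main__":
    print(find_beaconing(SAMPLE_LOG, known_good={"cdn.example.com"}))
```

Without the allowlist, the interleaved benign requests from the same device break up the regular gaps and nothing is flagged, so filtering known destinations first matters for this kind of check.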