Security woes: Android Trojan virus with botnet-like capability lurking in the wild

The breach

Android users who are going all bonkers downloading apps from third-party sources other than the Android Marketplace need to seriously curb their actions, because there is an Android Trojan with botnet-like functionality lurking in the wild. Named Geinimi, this advanced Trojan developed for Android devices can compromise the personal data on your phone and let remote servers take control of your system.

How it was unearthed

The Geinimi Trojan apparently popped up from China via phony versions of legitimate applications that are being distributed as third-party apps.

How it works

After the user unintentionally runs a malicious app containing Geinimi, it collects information that includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). Then it tries to connect to a remote server; a subset of the domain names it uses includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits the collected device information to the remote server.

Geinimi has the capabilities listed below:

• Send location coordinates (fine location)

• Send device identifiers (IMEI and IMSI)

• Download and prompt the user to install an app

• Prompt the user to uninstall an app

• Enumerate and send a list of installed apps to the server
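
A defender can turn the domain names listed above into a check over DNS query logs, flagging which devices on a network looked them up. The following is an added example, not part of the original article: the log format, client addresses and sample lines are constructed, and matching subdomains of each listed domain (not only the www host) is an assumption.

```python
import re
from collections import defaultdict

# Domains quoted in the article (it calls them a subset), without the "www." host.
GEINIMI_DOMAINS = {"widifu.com", "udaore.com", "frijd.com", "islpast.com", "piajesj.com"}

# Constructed sample lines in a hypothetical "<time> <client> query <name>" format.
SAMPLE_LOG = """\
2011-01-03T10:00:01 10.0.0.21 query www.widifu.com.
2011-01-03T10:00:04 10.0.0.35 query www.example.org
2011-01-03T10:05:02 10.0.0.21 query WWW.UDAORE.COM
2011-01-03T10:06:40 10.0.0.48 query notfrijd.com
2011-01-03T10:07:13 10.0.0.48 query cdn.frijd.com.example.net
2011-01-03T10:09:55 10.0.0.52 query www.piajesj.com
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")


def matched_domain(name):
    """Return the listed domain that `name` equals or is a subdomain of, else None."""
    labels = name.lower().rstrip(".").split(".")
    # Compare whole label suffixes so "notfrijd.com" and
    # "cdn.frijd.com.example.net" do not match "frijd.com".
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in GEINIMI_DOMAINS:
            return candidate
    return None


def find_hits(log_text):
    """Map each client address to the (timestamp, domain) lookups that matched."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        timestamp, client, name = m.groups()
        domain = matched_domain(name)
        if domain:
            hits[client].append((timestamp, domain))
    return dict(hits)


if __name__ == "__main__":
    for client, lookups in sorted(find_hits(SAMPLE_LOG).items()):
        print(client, lookups)
```
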

Affected apps

The apps that seem to be affected by Geinimi are gaming applications posted in Chinese app stores, including Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

How to keep safe

• Only download apps from Android Marketplace

• If you want to download third-party apps then make sure you read publisher information and app ratings

• Download and install AVG anti-virus security to stay doubly safe

Via HowtoGeek

© 2012, Gizmowatch. Some rights reserved.