DailyTech - Android Trojan Let Loose in China, Creating Botnet

Submit News

Gadgets Android Trojan Let Loose in China, Creating Botnet
Jason Mick (Blog) - December 30, 2010 10:07 AM

23 comment(s) - last by radzer0.. on Dec 31 at 4:06 PM

Lookout Mobile Security warns of a new Android trojan that has slid itself into apps in China's underground third party app markets. The trojan appears to be creating a botnet. Lookout offers a free security app that will remove the malware. (Source: Lookout Mobile Security via All Things D)

Google can do little to stop it as malware is spreading in third-party app markets

Android is starting to pick up steam in the world's biggest nation – China -- in terms of both population and cell phone use. With its rise in popularity, a number of third-party app stores have popped up alongside the official Android Marketplace. While these third parties distribute paid software, they are also popular as they take more of a lax stance to potentially pirated or cloned apps.

The dark side of the under regulation of these third-party app distributors has reared its ugly head, with a new trojan virus preying on unsuspecting Chinese Android users.

According to Lookout Mobile Security, a startup that is emerging as promising party in the hot mobile security market, a sophisticated Trojan named Geinimi has infiltrated third-party app markets in China and is constructing what appears to be a smartphone botnet.

The firm writes in a blog, "Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions."

Lookout Mobile Security's free and paid software has been updated to root out the nasty package.

The company is hot off a third series of venture capital funding in which it raised $19.5M USD. It faces tough competition from DroidSecurity, a rival Israeli startup that was just scooped up by AVG.

According to mobile security experts we've spoken to, Android is generally more secure than iOS(the operating system used by the iPhone and iPad). And Google does a good job scouring its Android Marketplace for potential malware. Nonetheless, Android users are attacked almost as much as Apple users, given their tendency to modify their phones more and use third party app stores at a higher rate.

Unlike Apple, which has actively opposed such practices, Google has practiced a more liberal policy concerning unofficial apps and phone modification. The Chinese market, in particular, has seen a dramatic rise in cell phone malware of late.

Comments

Threshold

Username
Password
remember me

This article is over a month old, voting and posting comments is disabled

Stick with the original

By xeno81 on 12/30/2010 10:29:17 AM , Rating: 1

Chinese knockoffs now include alternate Markets?

Just stick with the original. Jeez.

RE: Stick with the original

By ltcommanderdata on 12/30/2010 10:43:36 AM , Rating: 2

I thought one of the primary advantages of Android is the option to use third-party app stores? I'm sure there's a quote somewhere about great powers and great responsibility.

Parent

RE: Stick with the original

By mcnabney on 12/30/2010 11:19:09 AM , Rating: 3

I wouldn't use a third-party app-store, but I have sideloaded a number of thoroughly vetted apps.

Parent

RE: Stick with the original

By bah12 on 12/30/2010 12:07:21 PM , Rating: 5

It all boils down to stupid, gullible, greedy end users that are suckers for "free" stuff. Ultimately you can't have a secure system if the user is allowed to choose. Apple knows this, and although I personally want the freedom of choice, people like my mother NEED an Apple to step in and keep them from being a moron (yes I just called my own mother a moron...sorry mom).

Apples way is the "big brother" approach, and as the name implies, it does just that acts aggressively to enforce the rules and prevent you from doing harm to yourself.

Google is the "free for all/open source way". It is the way I prefer because I'm a professional that likes choices. But as such any bad things that happen are my own fault for venturing outside of the safe market place.

Ultimately you are right "great power" and such, but one can hardly chastise Google for it. I think the user base needs both systems, and neither method is perfect.

Parent

RE: Stick with the original

By kmmatney on 12/30/2010 12:28:11 PM , Rating: 2

I've been pretty happy with the Apple + Jailbreak combo. I get the confidence that most of Apps are secure, but can also install custom Apps, like tethering and themes, as needed,

Parent

RE: Stick with the original

By Luticus on 12/30/2010 1:56:16 PM , Rating: 5

So, essentially, what you're saying is: "Apple, for people who are to stupid to use real computers".

Screw big brother... whatever happened to "personal responsibility"?

Parent

RE: Stick with the original

By wifiwolf on 12/30/2010 2:49:40 PM , Rating: 3

Right. But the world majority is not aware / smart people.

And as a side note, android only lets you use third party markets if you select an option which is unchecked by default.

Parent

RE: Stick with the original

By artemicion on 12/30/2010 3:02:44 PM , Rating: 5

Plumbers, for people who are too stupid to fix their own leaks and busted pipes.

Auto shops, for people who are too stupid to replace their own brakes and transmission fluids.

Carpenters, for people who are too stupid to install their own cabinets.

It's funny, I think one of the main reasons that so many techies hate Apple is because they are too self-deprecating to appreciate the fact that they actually possess a valuable real-world skill. Tech-savvy people dismiss their own adeptness with computers as a skill too insignificant to pay for (which is why we are outraged at people who go to Best Buy's Geek Squad) and laugh at people who fall victim to viruses (which is why we dismiss the value of Apple's closed platform).

Take some pride in your own skills guys! Not everybody in the world is skilled enough to fix their own computers and figure out how to install and use open-platform software.

Parent

RE: Stick with the original

By ShaolinSoccer on 12/30/2010 4:17:21 PM , Rating: 1

You should be rated a 6!

Parent

RE: Stick with the original

By sprockkets on 12/30/2010 6:45:10 PM , Rating: 2

Dude, when's the last time you found a person born in the last 15 years have trouble operating a computer?

This whole "computers aren't intuitive but Apple is" is a bunch of BS. It's the same people who return electronics because it "doesn't work" when they never bothered to open the manual and read it.

The problem also with your examples is that each and every one of those people had to go to a trade school and learn how to do those trades. Doors, cars, plumbing and other stuff cannot be made "intuitive" enough to be worked on every blue moon and still meet stringent requirements for operation.

"Make a system fool proof and only a fool would want to use it."

Parent

RE: Stick with the original

By chemist1 on 12/30/2010 11:51:56 PM , Rating: 2

I agree with artemicion, and think your reply is way off the mark. Basic computer operation is like driving a car---accessible to most. Likewise, doing basic computer maintenance is like doing basic car maintenance---something that most could do, but will bother with (and acquire the skill for) only if the area interests them.

The type of basic auto maintenance tasks artemicion gives as examples (note he or she carefully specified replacing brake pads and transmission fluid, and not, say, rebuilding a transmission) most certainly do not require attending a trade school. The idea that one needs to go to trade school to do such things is absurd. I and many of my friends, none of whom have attended trade school, can readily perform such basic tasks. And so could most anyone else, if they put in a modicum of effort to learn how.

Parent

RE: Stick with the original

By sprockkets on 12/31/10, Rating: 0

By sprockkets on 12/31/2010 11:53:01 AM , Rating: 0

quote:
And so could most anyone else, if they put in a modicum of effort to learn how.

That's the key word - effort. It is not that they can't, it is that they won't. And that is quite sad.

Would you prefer we make the english language "intuitive" and have it bastardised to something like txtspeak used in cell phones?

Or do you prefer we learn it, hard as it is, and appreciate its ability to express thoughts in music and poems?

Apple's iphone has got to be the worst POS ever made. Look at the sides? Notice something missing? That's right, one freaking button. Steve can't have a button for you, because it would be "too complicated" for the average user to have.

App developers bitch and moan about it, since they can't use the volume buttons for camera operation - its against the rules, because it would be "confusing" and ruin apple's "perfect" ecosystem.

Is that how stupid apple users are? Can't handle a button like every other phone in the world? If that is the case, don't buy a smartphone.

quote:
The type of basic auto maintenance tasks artemicion gives as examples (note he or she carefully specified replacing brake pads and transmission fluid, and not, say, rebuilding a transmission) most certainly do not require attending a trade school.

Wrong. I dare someone to go up to a set of disc brakes and be able to figure out how to do it without instructions, or the right tools. For that matter, properly replacing brake pads car fluids requires correct training and expensive tools for modern cars. Forgetting one simple step in replacing coolant can lead to cracking the engine.

Parent

RE: Stick with the original

By DanNeely on 12/30/2010 12:17:01 PM , Rating: 2

IIRC a lot of them only have access to 3rd party app stores because they're running unofficial forks and haven't (can't?) gone through the Google approval process.

Parent

Android is to iOS as...

By therealnickdanger on 12/30/10, Rating: 0

RE: Android is to iOS as...

By JakLee on 12/30/2010 12:57:40 PM , Rating: 3

if you give customers ANY computer (or computer-like object) they will break it regardless of the OS.

Parent

RE: Android is to iOS as...

By damianrobertjones on 12/30/2010 6:17:35 PM , Rating: 2

..SO, why haven't these people had a good go at iPhones etc?

Parent

RE: Android is to iOS as...

By Tony Swash on 12/31/2010 2:13:31 PM , Rating: 2

quote:
Windows is to MacOS.

If you build it, they will come. More open design leads to greater adoption leads to greater exploit leads to greater scrutiny... Granted, ANY hacked or unofficial OS may be open to greater exploit, it comes with the territory. This is something Apple knows full well: if you give your customers more options, they will break something. LOL

Emotionally satisfying thoughts for some - but simply not true.

Rather than rehash the endless speculative arguments about the Android is Windows meme let's simply book mark this comment and come back in a year, after the iPad2 sales explosion, the Verizon iPhone and iPhone 5, plus some other goodies, to see whether it is coming true. Time will tell :)

Parent

All Your Base...

By paydirt on 12/30/10, Rating: 0

RE: All Your Base...

By ClownPuncher on 12/30/2010 12:26:24 PM , Rating: 3

Shut the fuck up.

Parent

Pirated Apps contain Malware

By dark matter on 12/30/2010 11:45:28 AM , Rating: 2

Absolute non shocker.

My money is on the AV company producing this..

/cynical

Not surprising in the least

By KoolAidMan1 on 12/31/2010 3:12:31 PM , Rating: 2

No surprise why Apple and Microsoft are taking so much control over their smartphones, they don't want to repeat the malware nightmare that reigned over PCs.

Makes you wonder . .

By blueboy09 on 12/30/2010 2:47:19 PM , Rating: 1

if China is using these kids/hackers for other means of knocking down our infrastructure here. It's only a matter of time before China figures out how to crack ours. - BLUEBOY

Lookout...

By radzer0 on 12/31/2010 4:06:22 PM , Rating: 1

I tried to use lookout. It wont let you just install and use. It wants u to signup and make an account and all sorts of stuff. If i wanted to give a application all my info i would allow it in permissions. Shit, why the hell does this application need to be able to dial phone numbers (also allowed 900 numbers) at its own discression?

"This week I got an iPhone. This weekend I got four chargers so I can keep it charged everywhere I go and a land line so I can actually make phone calls." -- Facebook CEO Mark Zuckerberg