Feb 25, 2011 12:41 GMT

The recently discovered Geinimi Android trojan, which comes packaged together with apps from unofficial marketplaces, is now targeting Japanese users.

Geinimi was discovered back in December and is believed to be of Chinese origin because that's where it was originally identified.

The trojan exhibits botnet-like capabilities. It connects to a command and control server and uploads information about the infected device, such as geolocation coordinates and unique identifiers.

Previous Android trojans focused on sending SMS messages to premium rate numbers set up by attackers in order to generate profit.

However, the motives behind Geinimi are not yet clear. What is known so far is that it's much more complex than any other Android trojan before it.

Its functionality is very diverse. It can read, collect, send and delete SMS messages, retrieve all contact information, make phone calls, silently download files and launch a browser to a specific URL.

It can grab a list of installed applications and upload it to the C&C server, as well as prompt users to install new ones.

Given its feature set, it can be used for anything from spying on mobile users to stealing credit or engaging in Web-based click fraud.

Symantec warns that the first Japanese-language app repackaged with Geinimi has been identified, suggesting the malware has begun spreading outside of China.

"The legitimate version of the application is sold at 525 yen (approx. $6 US) on the proper regulated Android marketplace. It allows you to do 'push-up', 'sit-up', and 'squat' exercises with an anime character," the Symantec experts note.

Fortunately, installing such tampered apps requires enabling a special feature on the phone which users might not be familiar with. Its use is more common in China or other regions where the Android Market is unavailable or has limited content.