January 4, 2011

Androidos. Geinimi.A

This is another trojan that affects the Android OS. It is considered more dangerous because it is spreading more widely, because of the increased potential for damage that it possesses, or both. This backdoor may be unknowingly downloaded by a user while visiting malicious websites that can download malicious content onto the mobile phone. It connects to the servers of those sites and sends and receives commands from a malicious user.


The following are the sites that will be accessed by the trojan:



This trojan will:

  • Make a count of installed packages and running applications on the phone and send the data to a
  • Start/run an application and download other applications
  • Install/uninstall an application
  • Retrieve the GPS coordinates of the phone
  • Parse/read through saved contact information and the messages that are sent or received
  • When the internet is used, save the browsing history, country, data on autosdkver, data on CPID, PTID, sdkver, device ID, serial number, state of the SIM, subscriber ID and type of network service
  • Take the phone's details such as manufacturer, board, brand, model, type, user, time etc.

Prevention:

  • While online on an Android device, do not download anything from sites other than the manufacturer's or the designated software site.
  • Take the utmost care when opening any site on your phone.
  • If the phone gets infected, connect it to a system with a good anti-virus program such as TrendMicro, Norton or McAfee and scan it; most of these companies have updated the anti-virus definitions in their products to remove this virus.
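
A defender-side triage check for the behaviours listed above, added here as an example and not code from the original post: it parses `aapt dump permissions` output for an app and reports which of the listed behaviours its requested permissions would allow. The behaviour-to-permission mapping, the threshold of 5 and both sample dumps are assumptions constructed for illustration.

```python
import re

# Assumed mapping (not from the post): each listed behaviour and the
# Android permission(s) an app would have to request to carry it out.
BEHAVIOUR_PERMISSIONS = {
    "list running applications": {"android.permission.GET_TASKS"},
    "install/uninstall applications": {"android.permission.INSTALL_PACKAGES",
                                       "android.permission.DELETE_PACKAGES"},
    "read GPS coordinates": {"android.permission.ACCESS_FINE_LOCATION"},
    "read contacts": {"android.permission.READ_CONTACTS"},
    "read messages": {"android.permission.READ_SMS"},
    "read browsing history": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
    "read device/SIM/subscriber IDs": {"android.permission.READ_PHONE_STATE"},
    "talk to a remote server": {"android.permission.INTERNET"},
}
INTERNET = "android.permission.INTERNET"

# aapt prints either  uses-permission: android.permission.X
#              or     uses-permission: name='android.permission.X'
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)", re.M)

def parse_permissions(aapt_output):
    return set(PERM_RE.findall(aapt_output))

def triage(aapt_output, threshold=5):
    perms = parse_permissions(aapt_output)
    matched = sorted(b for b, needed in BEHAVIOUR_PERMISSIONS.items()
                     if perms & needed)
    # Harvested data is only a remote risk if the app can also send it out.
    flagged = INTERNET in perms and len(matched) >= threshold
    return matched, flagged

# Constructed sample dumps (not from real apps).
SAMPLE_SUSPECT = """package: com.example.repackaged_game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.GET_TASKS'
"""
SAMPLE_BENIGN = """package: com.example.maps
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_FINE_LOCATION
"""

if __name__ == "__main__":
    for dump in (SAMPLE_SUSPECT, SAMPLE_BENIGN):
        print(triage(dump))
```

A flag here is a reason to look more closely at an app whose stated purpose does not need that combination of permissions; it is not a detection of this trojan by itself.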
