The Droid Army

The Lookout Mobile Security company is reporting a new trojan horse program that runs on Android based phones. The novel thing about this trojan is that it has enough functionality to allow the criminals to assemble an Android based botnet. This really should come as no surprise. The Android is not a phone with web browsing capabilities, it is a computer with telephony capabilities. The Android security model, while quite cool, is about as effective as the failed macro protection model in Microsoft Office 1997. For users who knew what the macro protection dialog meant, it was a fairly effective security measure, but most users simply clicked “yes” to allow macros to run. With the Android based phones the user is told what resources the application will have access to, but few users actually care or understand the implications.

Allegedly Google has the ability to remove applications. A researcher published a non-malicious proof of concept app that Google removed, however I am not certain if Google can remove non-app store applications. In the case of the Geinimi trojan, so far it has only been seen on third party app sites in China. Given the low bar set to get apps onto the Android Market Store, expect to see this or similar trojans from time to time in Android Market applications.

The Geinimi trojan is reported to be able to receive commands from remote servers and download further software. While the software and be downloaded, the user is still prompted to install it. It probably won’t take very much to trick a naïve user into thinking the download is a valid update.

Under Application settings on the Android there is an option to allow the installation of non-market applications. AT&T does not allow non-market apps, however most providers do. While it doesn’t take much to get on the Android market, non-market applications will probably be more likely to be dangerous. That said, Android Market applications already often compromise privacy, although probably no more so than Apple Store iPhone apps do.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC

Author ESET Research, ESET

  • Hank Anderson

    so when is the Android eset security suit comming?

    • Randy Abrams

      No word yet on if or when an Android product from ESET. Sorry. I am waiting too :)

  • Jimmy Jones

    Thats for sharing, it is realy important to have a anti virus on anything that is a working OS these days.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic
30 Dec 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.