31 December 2010

Virus attacks Android phones in China

A powerful virus targeting smart phones in China running Google’s Android operating system may represent the most sophisticated bug to target mobile devices to date, security researchers said on Thursday.

Anti-virus firm Lookout Mobile Security estimates that the number of cellphones that have been infected by the virus, dubbed Geinimi, ranges from the tens of thousands to hundreds of thousands.

Researchers said that the virus has yet to wreak havoc, though, and that they were unsure what its authors were seeking to accomplish.

“It is not clear to us what the purpose of it is,” said Kevin Mahaffey, chief technology officer for Lookout. “It could be anything from a malicious advertising network to an attempt to create a botnet.”

A botnet is an army of enslaved computers that its controllers can compromise for identity theft, use to launch attacks to shut down websites or turn into spam email servers. Still, the emergence of Geinimi underlines concerns that hackers are shifting from focusing on attacking PCs to targeting mobile devices as sales of the powerful handheld computers take off and users increasingly put sensitive data in their pockets.


Phones become contaminated with Geinimi when users download software applications that have been repackaged to include the virus, according to researchers from Lookout and Symantec.

Tainted programs include versions of the video games Monkey Jump 2, President vs Aliens, City Defence and Baseball Superstars 2010, according to Lookout.

Lookout researchers said that so far they have only found the tainted software at third-party app stores targeting the Chinese market. Legitimate versions of the applications in the official Android Market appear to be safe, they said.

Compromised phones call back to a remote computer at five-minute intervals for instructions on what to do. Then they transmit information on the device’s location, its hardware ID and SIM card back to the remote computer.

So far the remote computers have been collecting data but have not issued any other orders to the infected phones, Mahaffey said.

Liam Murchu, a research manager with anti-virus software maker Symantec, said that infected devices could be ordered to make calls, send SMSes and download other malicious software on to the phones. – Reuters