Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/30/2010
10:36 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Trojan Targeting Android Phones

Geinimi malware displaying botnet characteristics can compromise a significant amount of information on a user's smartphone.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
A new Android Trojan that displays some botnet characteristics has emerged from China, Lookout Mobile Security warned on Wednesday.

Called Geinimi, the malware can compromise a significant amount of information on a user's Android smartphone and send it to remote servers, the security developer said in a blog. Once installed on the phone, it potentially could allow the server's owner to control the mobile device, said Lookout.

"Geinimi is effectively being 'grafted' onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions," Lookout said in its blog. "Though the intent of this Trojan isn't entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet."

Lookout has written and delivered an automated update to protect existing free and premium users from the Trojan, the company said.

Consumers can protect themselves from this -- and the anticipated surge in future Trojans targeting mobile apps -- by only downloading apps from trusted sources such as reputable developers, said Lookout. Likewise, users should use common sense when reading the permissions for each app, it recommended.

If a phone starts acting unusually, this could be a sign it has become infected: Some odd actions include unknown applications being downloaded without approval, SMS messages sent without approval to unknown recipients, and uninitiated phone calls being placed, for example. And, of course, Lookout recommends that all smartphone users download a security app.

In fact, smartphones make many CIOs nervous since they are highly portable and give the owner so much access to often sensitive information. In one Ovum study, 80% of IT executives said they think these devices increase the business' vulnerability to attack.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.
CVE-2020-4969
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniq...
CVE-2020-26285
PUBLISHED: 2021-01-21
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an exe...
CVE-2020-26295
PUBLISHED: 2021-01-21
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and ...