Botnet trojan added to Android games sold on Chinese thirdparty marketplaces

In many cases, Android's open nature compared to the likes of iOS and Windows Phone 7 is a big advantage. By the same token, however, it can also be a weakness.

One such fragility has been laid open in China, where apps being sold on thirdparty marketplaces have been found to be carrying trojan viruses.

Horsing about

As reported by mobile security firm Lookout, the apps in question – which include games such as Monkey Jump 2, President vs. Aliens, City Defense and Baseball Superstars 2010 – came loaded with a trojan called Geinimi, but only on the versions distributed via thirdparty stores in China.

"Based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers," Lookout says in a blog post detailing the issue.

"The most sophisticated Android malware we've seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities.

"Once the malware is installed on a user's phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone."

The firm concludes that Geinimi is being grafted onto repackaged versions of existing and – most importantly – legitimate applications for distribution on said marketplaces.

The original apps as found on Google's official Android Market are unaffected.

"Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet."

Such a security risk only serves to highlight the possibility of a confusing future for consumers making use of thirdparty marketplaces on Android - especially in developing markets, where vendors can't or don't always check the validity of the code they're hosting.

[source: Lookout]