Bad news if you’re a fan of installing Android apps from non-Market sources: an Android trojan with the potential to start a mobile botnet has begun to make the rounds.
Called Geinimi, the trojan is packaged into otherwise legit-looking apps that users are lured into downloading. Right now it seems constrained to apps for the Chinese market, though its authors could easily distribute it amongst other populations of Android users.
From a first-pass analysis, security experts have uncovered some of Geinimi’s abilities. It gathers information about your phone and your location and sends it back to its creator. The full capabilities of the code aren’t yet known due to encryption used to thwart analysis, but it appears Geinimi can download additional apps on its own. Those apps could be used for other nefarious purposes, including orchestrating DDoS attacks.
The one saving grace is that even after Geinimi downloads an add-on package, it will still prompt you to authorize the installation. Though that sounds like a big roadblock that could lessen its impact, we’ve seen that Android apps can manipulate the screen to trick you into clicking through such authorizations.
For now, don’t worry too much, as Geinimi has yet to branch out globally. All the same, think twice about whether you trust where your apps are coming from.