ANDROIDOS_GEINIMI.A
Information Stealer, Malicious Downloader, Spying Tool
Android OS
Trend Micro has flagged this Android OS backdoor as noteworthy due to the increased potential for damage, propagation, or both, that it possesses.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This backdoor may arrive bundled with legitimate applications. Analysis of its code reveals that it can perform a number of routines on an infected smartphone running Android OS. These routines include enumerating the packages and applications installed on the phone. It can also download, install, and run other applications.
It also retrieves the infected phone's GPS coordinates. It parses through saved contact information as well as messages in the email and phone inboxes.
It executes commands from a remote malicious user, effectively compromising the affected system.
This backdoor may be unknowingly downloaded by a user while visiting malicious websites.
TCP port 4501 (IANA), TCP port 8791 (Unassigned), TCP port 6543 (lds_distrib), TCP port 5432 (PostgreSQL Database)
Varies
DEX
No
01 Jan 2011
Compromises system security, Gathers system properties, Steals information
Arrival Details
This backdoor may be unknowingly downloaded by a user while visiting malicious websites.
Backdoor Routine
This backdoor opens the following ports:
It connects to the following URL(s) to send and receive commands from a remote malicious user:
As of this writing, the said sites are inaccessible.
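A defender-side check for the listening ports, as an added example that is not part of the original entry: it parses `/proc/net/tcp` text pulled from a device and reports LISTEN sockets on the four TCP ports this entry lists. It assumes those ports are the ones the backdoor opens; the function name and the sample rows are constructed for illustration.

```python
import socket

# TCP ports listed in this entry (assumed to be the ones the backdoor opens).
GEINIMI_PORTS = {4501, 8791, 6543, 5432}
TCP_LISTEN = 0x0A        # kernel socket state code for LISTEN
FIRST_APP_UID = 10000    # Android assigns installed-app UIDs from 10000 upward

# Constructed sample in /proc/net/tcp format, not captured from an infected device.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1195 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 41234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:C350 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 51234 1 0000000000000000 20 4 30 10 -1
   3: 00000000:1538 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1300 1 0000000000000000 100 0 0 10 0
"""

def suspicious_listeners(proc_net_tcp: str):
    """Return (address, port, uid, owned_by_installed_app) for each LISTEN
    socket bound to one of GEINIMI_PORTS. IPv4 only (/proc/net/tcp)."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue                                # truncated or blank row
        addr_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)
        state = int(fields[3], 16)
        uid = int(fields[7])
        if state != TCP_LISTEN or port not in GEINIMI_PORTS:
            continue
        # The address is stored little-endian, so reverse the bytes.
        addr = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
        hits.append((addr, port, uid, uid >= FIRST_APP_UID))
    return hits

if __name__ == "__main__":
    for addr, port, uid, is_app in suspicious_listeners(SAMPLE):
        owner = "installed app" if is_app else "system/root"
        print(f"LISTEN {addr}:{port} uid={uid} ({owner})")
```

A match is a lead rather than proof: 5432 is also the PostgreSQL port, so the owning UID should be resolved to a package and that package reviewed.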
NOTES:
It executes the following commands from a remote malicious user:
8.900
1.101.00
24 May 2011
Step 1
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Step 2
Remove unwanted apps on your Android mobile device