Virus attacks Android phones in China - researchers

BOSTON Thu Dec 30, 2010 10:54pm GMT

A new HTC Android-based smartphone Legend is displayed during a news conference in Taipei March 24, 2010. REUTERS/Pichi Chuang

A new HTC Android-based smartphone Legend is displayed during a news conference in Taipei March 24, 2010.

Credit: Reuters/Pichi Chuang

Quotes

   

BOSTON (Reuters) - A powerful virus targeting smart phones in China running Google Inc's Android operating system may represent the most sophisticated bug to target mobile devices to date, security researchers said on Thursday.

Anti-virus firm Lookout Mobile Security estimates that the number of phones that have been infected by the virus, dubbed Geinimi, ranges from the tens of thousands to hundreds of thousands.

Researchers said that the virus has yet to wreak havoc, though, and that they were unsure what its authors were seeking to accomplish.

"It is not clear to us what the purpose of it is," said Kevin Mahaffey, chief technology officer for Lookout. "It could be anything from a malicious advertising network to an attempt to create a botnet."

A botnet is an army of enslaved computers that its controllers can compromise for identity theft, use to launch attacks to shut down websites or turn into spam email servers.

Still, the emergence of Geinimi underlines concerns that hackers are shifting from focussing on attacking PCs to targeting mobile devices as sales of the powerful handheld computers take off and users increasingly put sensitive data in their pockets.

Phones become contaminated with Geinimi when users download software applications that have been repackaged to include the virus, according to researchers from Lookout and Symantec Corp.

Tainted programs include versions of the video games Monkey Jump 2, President vs. Aliens, City Defence and Baseball Superstars 2010, according to Lookout.

Lookout researchers said that so far they have only found the tainted software at third-party apps stores targeting the Chinese market. Legitimate versions of the applications in the official Android market appear to be safe, they said.

Compromised phones call back to a remote computer for instructions on what to do at five-minute intervals. Then they transmit information on the device's location, its hardware ID and SIM card back to the remote computer.

So far the remote computers have been collecting data but have not issued any other orders to the infected phones, Mahaffey said.

Liam Murchu, a research manager with anti-virus software maker Symantec, said that infected devices could be ordered to make calls, send text messages and download other malicious software onto the phones.

(Reporting by Jim Finkle; Editing by Phil Berlowitz)

Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.