Geinimi originated in China and is being distributed inside applications and games downloadable from third-party Android app stores. Once the application is launched on the user's smartphone, the trojan collects location data, the device's IMEI and IMSI numbers, and a list of all the apps installed on the device. It then attempts to contact a remote server every five minutes to send this information.
"Geinimi's author(s) have raised the sophistication bar significantly over and above previously observed Android malware by employing techniques to obfuscate its activities. In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted. While the techniques were easily identified and failed to thwart analysis, they did substantially increase the level of effort required to analyze the malware," Lookout said on Wednesday.
Lookout says the Geinimi Trojan has been found in versions of the games Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense, and Baseball Superstars 2010, which are hosted on third-party app stores. The versions of these same games in Google's Android Market are safe to download.
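The five-minute check-in described above is the kind of regularity a network defender can look for in proxy or DNS logs. The sketch below is an added example, not code from Lookout's analysis; the log format, device names, `.example` hostnames and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed log lines (timestamp, device, destination host); the hosts use the
# reserved .example TLD and are not indicators from the Geinimi reports.
SAMPLE_LOG = """\
2011-01-01T10:00:02 phone-17 c2.placeholder.example
2011-01-01T10:05:01 phone-17 c2.placeholder.example
2011-01-01T10:10:04 phone-17 c2.placeholder.example
2011-01-01T10:14:59 phone-17 c2.placeholder.example
2011-01-01T10:20:03 phone-17 c2.placeholder.example
2011-01-01T10:25:02 phone-17 c2.placeholder.example
2011-01-01T10:01:40 phone-17 news.site.example
2011-01-01T10:02:10 phone-17 news.site.example
2011-01-01T10:03:05 phone-17 news.site.example
2011-01-01T10:31:00 phone-17 news.site.example
2011-01-01T10:33:20 phone-17 news.site.example
2011-01-01T10:00:00 phone-22 mail.provider.example
2011-01-01T10:15:00 phone-22 mail.provider.example
2011-01-01T10:30:00 phone-22 mail.provider.example
2011-01-01T10:45:00 phone-22 mail.provider.example
2011-01-01T11:00:00 phone-22 mail.provider.example
"""

EPOCH = datetime(1970, 1, 1)

def parse(log):
    """Yield (device, host, seconds) per well-formed line; skip anything else."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            ts, device, host = parts
            yield device, host, (datetime.fromisoformat(ts) - EPOCH).total_seconds()

def find_beacons(log, period=300, tolerance=20, min_gaps=4):
    """Return sorted (device, host) pairs contacted every ~period seconds."""
    seen = defaultdict(list)
    for device, host, t in parse(log):
        seen[(device, host)].append(t)
    hits = []
    for key, times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        near = [g for g in gaps if abs(g - period) <= tolerance]
        # Enough samples, median gap near the period, and at least 80% of gaps in tolerance.
        if len(gaps) >= min_gaps and abs(median(gaps) - period) <= tolerance and len(near) >= 0.8 * len(gaps):
            hits.append(key)
    return sorted(hits)
```

Legitimate apps also poll on fixed timers, so a hit is a lead for triage rather than a verdict.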