New Trojan Attracts Attention Of Information Security Experts

By Author: Peter Martin
Total Articles: 211
Comment this article

Recent years have witnessed tremendous growth in mobile phone usage across the world. Constant improvement in technologies and arrival of new devices including Blackberry, iPad, iPod and smart phones, which add to user convenience and experience have played a considerable role in increasing mobile phone usage. Another factor has been their increased penetration in emerging countries such as China and India. However, the popularity of mobile devices also makes them susceptible to attacks from hackers. Recently, a new Trojan named Geinimi has attracted the attention of information security professionals. The Trojan created in the wild in China affects the Android operating system. Criminals may use the Trojan to gain access to personal data on mobile phones and redirect them to remote servers. Security researchers consider Geinimi as first Android malware, which has botnet-like features. Unwary mobile phone users may inadvertently download a seemingly legitimate but fake application loaded with Geinimi Trojan.

Once ...
... inserted on a mobile phone, a remote attacker can direct commands to the Trojan and gain control over the phone. Geinimi may help the remote attacker to track the location of the mobile user, gain International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers, automatic download of malicious files. The mobile user may be lured frequently to install and install applications. The attacker may also direct the Trojan to share the list of installed files.

IT professionals may use ethical hacking to evaluate the security of mobile phones and applications. The tests may help an organization to understand the security threats in the mobile environment and initiate measures to prevent installation of Trojans, botnets and all forms of attacks from hackers. Some of the security evaluation tests on mobile devices include payload injections, social engineering attack and penetration tests.

Information stored in mobile phones is crucial not only for individuals, but also organizations such as intelligence agencies, law enforcement authorities, banks and financial institutions among others. The stored data may be highly significant for the aforesaid organizations as they may be useful for the successful completion of investigations and legal obligations. As such, information security needs due emphasis from IT security specialists.