So here we at the dawn of a new year, looking out to the unknown opportunities that await us. The Smartphone market is ripe for the next great leap forward, and out of China comes something that forces us to take a big step backwards. Gemini, or Geimini, is the latest Trojan to impact the Android operating system. Notice, I didn’t say the first Trojan. There have been others, like Trojan-SMS last summer, and just like that one, this Geimini Trojan disguises itself as an application. The Trojan collects information from the device, connects to remote systems and has the potential of receiving commands. All pretty common stuff for a Trojan, but new to the Smartphone space.
But before you go running around saying the sky is falling, there are a couple of things you should know:
- The Trojan cannot infect your Android through an OS vulnerability. The end user must choose to install it.
- Currently, it is only being downloaded from 3rd party app stores in China (though it’s always possible for this to change).
- It’s not being distributed through the official Google Android Market.
This could be just the beginning of things to come for the mobile marketplace. It could be just a matter of time before one of these Trojan apps makes it into the Android or even Apple Marketplace. With hundreds of thousands of applications already available through Google or Apple it’s just a matter of time before one slips through that has either sleeper code that is awoken after a certain date, or through an online update, becoming the first full-blown Viral outbreak in the mobile world. The handheld phones that we once considered almost inanimate objects might be just as vulnerable as the PC on the desk to malicious programs or malware that piggybacks on programs. Time to get defensive (again).
If history has taught us anything, it’s that the bad guys are always working on the next great attack, and that they are likely to target new technologies that are widely distributed. As always, be aware of your surroundings, and be careful what you let your users install on their Smartphones.