Android systems have been attacked before, but the Geinimi Trojan seems to take things to another level. Once it’s installed in the form of a game or app from a third-party app store, it starts sending out user information such as the IMEI or IMSI number. Thankfully, the Lookout security app has listed quite a few details for us.
The Trojan shows botnet-like capabilities: it lets remote servers access user information and, in simple terms, control the affected user’s phone. Geinimi connects to remote servers using one of ten embedded domain names. These domains include www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com.
Some really sensitive information is given out once Geinimi strikes. Here is what it does: