A sophisticated trojan dubbed Gemini is threatening Android devices in China and could spread to devices in other regions, according to a new report issued by the security firm Lookout.
The firm claims the trojan may be the most advanced bit of Android malware to date and is the first to display “botnet-like capablities.” That means that once the trojan is installed on an Android phone, a remote server will be able to access the device and gain a level of control over it — frightening stuff, indeed.
So far Gemini has been observed grafted onto legitimate apps — primarily games — that are downloaded to Android smartphones by unknowing patrons of third-party Android app stores. The infected apps reportedly then request an abnormal level of access to devices and then, boom, it’s a zombie-phone.
Once a device is infected, Gemini is capable of doing a host of nasty things: sending out user’s location, transmitting device identifiers, and downloading apps and then prompting the user to install them. It’s also capable of delivering a list of installed apps to an outsider server.
Just last week, security firm McAfee cited mobile platforms — including Android and iPhone devices — as top targets for cyber-criminals in the year 2011.
It’s not clear what Gemini’s masterplan is just yet, but one possibility is that it’s part of the schemings of a malicious ad network. So far, Gemini has only been spotted in apps from third-party Android marketplaces in China. If you’re not in China and are hypersensitive to mobile malware threats, you may want to consider sticking with apps from secure and trusted sources just to be safe.