Android/Geinimi.B!tr

Analysis

Android/Geinimi.B!tr is a variant of Android/Geinimi.A!tr.
The differences are mainly technical.


Technical Details


This variant obfuscates several of its strings and commands with DES encryption. The key has changed: it is no longer 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 but 0x00 0x01 0x02 0x07 0x08 0x00 0x08 0x04.

Additionally, Android/Geinimi.B!tr now consists of two Android applications:
  1. the APK of the malware. This component handles communication via sockets. It also launches the other APK.
  2. t.jar: another APK.
Note that the malware does not actually install the second APK, but launches it via the following command:
/system/bin/dalvikvm -cp /data/t.jar BMain& > /system/etc/init.d/51gfan
This second APK contains the remaining malicious functionality.
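The analysis above gives three static indicators a defender can look for without running the sample: the new DES key, the old Geinimi.A key it replaced, and the dalvikvm command that launches /data/t.jar. The following script is an added example (not Fortinet's code or a FortiGuard signature) that unpacks an APK as a zip and searches each entry for those byte patterns. It assumes the key is stored as a contiguous byte array inside classes.dex, which is how a static byte[] initializer typically lands in a DEX file; the sample APKs it builds are constructed in memory for the demonstration and are not real Geinimi files.

```python
"""Static indicator scan for Android/Geinimi.B!tr artifacts in an APK.

Added example, not Fortinet's code. Indicators are the ones stated in the
analysis above. Assumption: the DES key is embedded as a contiguous byte array
in classes.dex, so a plain substring search locates it.
"""
from __future__ import annotations

import io
import zipfile

# Indicators as stated on the page.
GEINIMI_B_DES_KEY = bytes([0x00, 0x01, 0x02, 0x07, 0x08, 0x00, 0x08, 0x04])
GEINIMI_A_DES_KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08])
T_JAR_LAUNCH = b"/system/bin/dalvikvm -cp /data/t.jar"

INDICATORS: dict[str, bytes] = {
    "geinimi_b_des_key": GEINIMI_B_DES_KEY,
    "geinimi_a_des_key": GEINIMI_A_DES_KEY,
    "t_jar_launch_cmd": T_JAR_LAUNCH,
}


def scan_bytes(blob: bytes) -> set[str]:
    """Return the names of all indicators that occur as substrings of blob."""
    return {name for name, pattern in INDICATORS.items() if pattern in blob}


def scan_apk(apk_bytes: bytes) -> dict[str, set[str]]:
    """Scan every file inside an APK (a zip archive); map entry name -> hits."""
    hits: dict[str, set[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            found = scan_bytes(zf.read(info))
            if found:
                hits[info.filename] = found
    return hits


def classify(hits: dict[str, set[str]]) -> str:
    """Turn per-entry hits into a verdict. The B key together with the
    t.jar launch command is the strongest combination the page describes;
    a single indicator on its own is only flagged as suspicious."""
    found: set[str] = set().union(*hits.values())
    if {"geinimi_b_des_key", "t_jar_launch_cmd"} <= found:
        return "likely Android/Geinimi.B!tr"
    if "geinimi_a_des_key" in found:
        return "likely Android/Geinimi.A!tr"
    if found:
        return "suspicious: " + ", ".join(sorted(found))
    return "no Geinimi indicators"


def _make_apk(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip with the given entries (an APK is a zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_apk() -> bytes:
    """Constructed sample, not a real Geinimi file: a fake classes.dex that
    carries the B key as a byte array and the dalvikvm launch command."""
    fake_dex = (
        b"dex\n035\x00" + b"\x00" * 24      # DEX magic plus padding
        + GEINIMI_B_DES_KEY + b"\x00" * 8    # key stored as a contiguous array
        + T_JAR_LAUNCH + b" BMain&\x00"      # launch command string
    )
    return _make_apk({"AndroidManifest.xml": b"<manifest/>", "classes.dex": fake_dex})


def build_clean_apk() -> bytes:
    """Constructed benign APK with none of the indicators."""
    return _make_apk({
        "AndroidManifest.xml": b"<manifest/>",
        "classes.dex": b"dex\n035\x00" + b"hello world",
    })


if __name__ == "__main__":
    for label, apk in (("sample", build_sample_apk()), ("clean", build_clean_apk())):
        hits = scan_apk(apk)
        print(label, hits, "->", classify(hits))
```

An eight-byte key is a short pattern, so a hit on the key alone can be a false positive in a large DEX; the verdict therefore only names Geinimi.B when the key and the t.jar launch command appear together, which matches the two-application structure described above. To scan a real file, read it with open(path, "rb") and pass the bytes to scan_apk.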

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

Product                     Level
FortiClient                 Extreme
FortiMail                   Extreme
FortiSandbox                Extreme
FortiWeb                    Extreme
Web Application Firewall    Extreme
FortiIsolator               Extreme
FortiDeceptor               Extreme
FortiEDR

Version Updates

Date        Version    Detail
2022-01-12  89.08633
2021-12-29  89.08213
2021-01-12  83.25000
2021-01-06  83.09400
2020-12-23  82.77400
2020-12-23  82.77300
2020-12-23  82.77200