The press is abuzz with the news of a sophisticated virus, dubbed Gemini, which targets Android handsets. From the descriptions of what I read from the news reports, it looks like this is not really a virus but a Trojan or malware.
Users in China who have installed repackaged versions of legitimate apps like Monkey Jump 2, City Defense, President vs. Aliens and others have gotten infected with Gemini. The malware is part of the repackaged application which currently doesn’t destroy data on the phone.
According to Lookout Mobile Security’s blog post, It’s reported that once launced on the users’ mobile, Gemini can send the phone’s IMEI number, the SIM card’s IMSI number and the phone’s location and transmit these to a pre-programmed set of sites. They’ve also mentioned that the code in the Gemini malware is also capable of downloading programs straight on to the phone.
If you download apps for your phone only from the Android Market, you don’t have anything to worry about at this point, since only sideloading apps from unknown sources can load Gemini onto you phone. So don’t panic!
If you do regularly sideload apps by downloading the apk files and installing them on your phone, you’re at risk from this malware, and should immediately install Lookout’s Mobile Antivirus, or any other virus scanners capable of scanning for this application.
Sources: here and here via Lookout’s Blog Post