An advanced new Android trojan named Geinimi has been found in the wild, mobile security firm Lookout reports.

The trojan is possibly the most sophisticated piece of Android malware so far, with the ability to steal your personal data and send it to a remote computer, as well as take commands from a remote server, which would effectively turn your Android device into a zombie inside of a botnet.

The detailed description of everything Geinimi can do sounds scary: it can send your location, device identifiers (IMEI and IMSI) and list of installed apps to someone. It can also download an app and prompt the user to install it.

The real threat to end users isn't very big, however. You can install Geinimi on your Android device only if you install an infected app, and Lookout reports it only saw those in third-party Chinese app stores. Most users download apps from the official Android market, which is a much safer option; if you must install an app from a third-party store, make sure it's safe before you do.