Versatile Android Malware Can Cause Physical Damage to Phones

Cybersecurity firm Kaspersky Labs reported Monday on a new “jack of all trades” Android malware threat they’ve dubbed Loapi.

• By Jessica Davis
• Dec 19, 2017

Cybersecurity firm Kaspersky Labs reported Monday on a new “jack of all trades” Android malware threat they’ve dubbed Loapi. According to Kaspersky Labs’ report, the malware is capable of multiple kinds of attacks and its workload can even physically damage a phone after a few days of being installed.

Loapi malware is installed via malicious apps, some disguised as antivirus solutions, that are available for download outside of the Google Play app store. After installation, the malware demands administrator rights, spamming the screen with notifications in a bid to get desperate users to give in and tap OK.

If users try to revoke device manager permissions, the malicious app locks the screen and closes the settings window. If users try to download actual protective apps, such as a real anti-virus app, Loapi declares them malware and forces the user to OK their removal.

The Loapi malware, once installed, can carry out many kinds of attacks. It aggressively displays advertisements on a user’s phone as well as using it as part of an advertising click fraud scheme. It can also use the phone as part of a DDoS attack.

Another module of the malware can sign up users to paid subscription services. Because Loapi also has SMS messaging functionality, it can confirm by text any subscriptions that require confirmation as part of sign-up, and all messages (outgoing and incoming) are immediately deleted. According to Kaspersky, the advertising and subscription sign-up features made 28,000 different requests in a 24-hour period.

Kaspersky discovered that the Loapi malware is set up with the ability to adapt to any new function its creators might want, such as ransomware, spyware or a banking Trojan.

In addition to these abilities, Loapi also uses smartphones as cryptocurrency mining modules, specifically to mine Monero tokens.  Cryptocurrency mining is such a processor-intensive process that 48 hours after Kaspersky’s test phone was infected, the battery overheated, expanded and burst out of the phone case.

To avoid installing malware on your Android device, Kaspersky recommends installing apps only from official stores, disabling the installation of apps from unknown sources, only installing apps that you really need and installing and regularly using proven anti-virus protection for your Android device.