How the Loapi Android malware nearly blew up a smartphone

The 'jack-of-all-trades' Trojan can also serve endless ads and launch DDoS attacks.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Loapi is a new Android malware that focuses on mining cryptocurrency, causing one researcher's phone battery to swell and burst the back cover.
  • The Loapi Trojan was found in about 20 apps and it can also serve constant ads and even launch DDoS attacks from an infected device.

A newly discovered Android malware put so much pressure on one smartphone's processor that it nearly caused the device to explode. The Loapi Trojan, recently reported by Kaspersky Lab, puts the pressure on the processor through its mining of the cryptocurrency Monero, but it can also launch a ton of other processes that could cost a victim time and money.

"Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," Kaspersky said.

In addition to mining cryptocurrency, the Trojan can also serve up a ton of annoying ads to make money or boost traffic, subscribe users to paid services, send SMS messages to any number, launch DDoS attacks (with the help of an HTTP proxy server), and more, the post said. There are no espionage or spying features, but the malware is architected in a way that would allow those functionalities to be added.

In a separate post, Kaspersky Lab researchers called Loapi a "jack-of-all-trades," writing that they'd never seen an attack that could perform such a broad variety of malicious activities. Loapi could be the first sign of a next generation of mobile malware that works to earn money for attackers while also causing physical damage to a device and multiple headaches for a user.

Loapi was found hidden in more than 20 apps, and could also make its way onto a victim's phone if they click an ad banner. Most of the examples found by Kaspersky were masquerading as some sort of antivirus solution or an adult content site.

Once the Trojan makes its way onto a victim's device, it will begin demanding admin privileges with endless pop-ups until the user relents and grants them, the Kaspersky Lab post said. Once it has these privileges, it can perform the malicious activities that make money for its creators.

What's even more interesting is that, if the user attempts to revoke admin rights, the malware will fight back by locking the screen or closing the settings window so the user cannot change the privileges, the post noted.

Researchers also noted that Loapi may have ties to the older Podec malware.

To avoid an app that is potentially carrying Loapi, Kaspersky Lab researchers recommended that users only use the official Google Play Store to download apps, disable app installation from unknown sources, stick only with the apps they really need, and download a proven and certified antivirus solution.

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.
