This Is 'Loapi', A Malware Capable Of Physically Destroying Android Phones

Researchers have discovered a piece of Android malware that carries out a wide range of malicious activities.

They include showing a series of ads, participating in distributed denial-of-service (DDoS) attacks, creating shortcuts on the device, sending text messages to any number, opening pages on popular social networks, redirecting web traffic, downloading and installing other apps, and silently subscribing to paid services.

But its biggest offence is acting as a cryptocurrency miner so aggressive that it can physically damage infected phones.

The name is Loapi (Trojan.AndroidOS.Loapi), and it's hidden inside apps that are distributed through third-party markets, browser ads, and SMS-based spam.

Researchers from antivirus provider Kaspersky Lab have dubbed it a "jack of all trades" to emphasize the breadth of nefarious things the malware can do.

As a cryptocurrency miner, Loapi-infected apps contain a module that mines Monero. The module allows the malware creators to generate new coins by leeching the electricity and hardware of infected phones.

Monero is known as a digital currency that is less resource-intensive than Bitcoin or most other cryptocurrencies. Its lower demands did not stop Loapi's miner from straining infected phones. According to Kaspersky Lab researchers who tested Loapi in a lab setting, the mining is so aggressive that after two days the battery in the phone bulged and deformed the back cover as a result of high internal heat.

Cryptocurrencies are volatile in nature. But with prices surging, hackers want to make use of the moment.

Many have used their websites to mine those digital currencies by embedding JavaScript-based cryptocurrency miners. The scripts run in visitors' browsers and use the CPU power to mine Bitcoin or other cryptocurrencies.

Examples include popular video streaming sites such as Openload, Streamango, Rapidvideo, and OnlineVideoConverter. They were hijacking CPU power from their hundreds of millions of visitors to mine the Monero cryptocurrency.

Previously, The Pirate Bay was also caught implementing the strategy.

As for Loapi, it's disguised as fake antivirus and porn applications.

According to Kaspersky, Loapi, when first discovered, impersonated at least 20 variations of adult-content apps and legitimate antivirus software from AVG, Psafe DFNDR, Kaspersky Lab, Norton, Avira, Dr. Web and CM Security, among others.

Upon installation, Loapi forces the user to grant it 'device administrator' permissions by looping a pop-up until the victim clicks yes. This will give the malicious app the privilege to run.

To preserve itself once installed, Loapi restricts users from accessing the device administrator menu by closing it whenever it's opened from the settings menu, and prevents users from uninstalling the infected host app. What's more, it prompts users to uninstall any applications on the device that might pose a threat to it, like security apps and malware scanners. If the user doesn't uninstall them, the prompt shows continually as a toast message.

Loapi works by communicating with module-specific command and control (C&C) servers for its advertisement module, SMS module, mining module, web crawler, and proxy module. It needs them for its different functions to work on infected devices.

"Loapi is an interesting representative from the world of malicious Android apps. Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device," the researchers concluded.

Fortunately, the Loapi malware only exists in apps outside Google's Play Store. Because it failed to make its way there, users who download apps from Google won't be affected by the malware.

However, users are always advised to remain vigilant even when downloading apps from the Play Store because malware can also make its way to the store from time to time.

Published: 29/12/2017