A newly discovered Android malware variant has been seen to cause physical device damage in tests undertaken by Kaspersky Lab researchers. Trojan.AndroidOS.Loapi, or just Loapi for short, is a complicated modular malware that can operate in various nefarious ways. Loapi can “mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more,” asserts the Kaspersky SecureList blog, which describes the Trojan as a ‘jack of all trades’.
The headlining aspect of Loapi is its capability to run cryptocurrency mining software, and its aggressive nature causing a test device to deform due to being under constant heavy load over two days. A battery bulge formed due to the mining module and heavy web traffic, say the Kaspersky researchers (see below)
Loapi infected apps were found in the wild in a wide range of programs offering anti-virus protections, device optimisations, and porn. Kaspersky found Loapi distributed in downloads via unofficial app stores, advertising, SMS-spam campaigns, and other techniques.
A selection of Loapi infected apps
If you are unlucky enough to download a Loapi Trojan infected app you will be pummelled into submission to accept administrator permissions – users are asked for them in a loop until the they agree. After agreement the app either hides away or simulates virus scanning or similar activity. Loapi will vigorously self-protect, say the security researchers, so if you try and withdraw permissions it will lock the screen or close the window with device manager settings before executing code asking you if they want your device to be wiped. Furthermore, Loapi maintains a list of programs that are a threat to it, and its ‘scanner’ will prompt users to delete apps such as Kaspersky Internet Security.
Loapi doesn’t just mine cryptocurrency, its other existing modules can insert ads, send SMS, load up and join web subscriptions and more. It was found that Loapi checks for root when installed, but as yet doesn’t do anything requiring such privileges.