Security researchers from Russian cybersecurity firm ‘Kaspersky Lab’ have discovered a new strain of malware that targets Android smartphones, lurking in fake anti-virus and porn applications.
Dubbed Loapi, the new Android Trojan is capable of performing a plethora of malicious activities—from annoying users with constant ads, mining cryptocurrencies, redirecting web traffic and launching DDoS attacks to downloading and installing other apps. Loapi's modular architecture is what allows it to carry out so many different activities.
The malware runs so many tasks at once that it can physically damage a handset: within just two days of infection, it can cause the phone's battery to bulge out of its cover. To analyse a Loapi sample, the researchers ran it on an Android smartphone for two days and found that the constant load from the mining module and the traffic it generated caused the battery to bulge and deform the phone's cover.
According to the researchers, Loapi, which may have been created by the same cybercriminals responsible for the 2015 Android malware Podec, is distributed through third-party app stores and online advertisements. These usually disguise themselves as apps for “popular antivirus solutions and even a famous porn site.”
Described as a “jack-of-all-trades” by the researchers, the Trojan, detected as Trojan.AndroidOS.Loapi, also fights aggressively to protect itself. After the malicious files are downloaded and installed, the app obtains device administrator permissions by using popups. If the user tries to revoke these permissions, the malicious app locks the screen and closes the device administrator settings window.
After acquiring admin privileges, the malicious app either hides its icon in the menu or simulates various antivirus activity, depending on the type of application it is masquerading as.
The malware communicates with module-specific command and control (C&C) servers and receives a list of apps that pose a danger to it. This list is used to monitor the installation and launch of those apps. If one of them is installed or launched, the Trojan shows a fake message claiming it has detected malware and, of course, prompts the user to delete it. The user is spammed with an endless stream of popups until they finally agree and delete the application.
In order to get rid of Loapi, users will need to boot into safe mode.