New Android Malware Loapi Attacks Phones in Five Different Ways

Android phones have always remained the soft target of malicious threat actors since every now and then we hear about a new malware strain hitting innocent android users. The same has happened in this case where a new malware is targeting Android phones.

This particular malware, dubbed as Loapi, is an evil piece of code that can perform five different malicious activities including mining cryptocurrencies, conducting DDoS attacks and causing the phone’s battery to the bulge that leads to the destruction of the phone after few days of its installation.

What happened when researchers installed the malicious application on a test device

It also runs an advertising fraud scheme; the victim feels that they are visiting advertisers’ web pages and every time an ad is clicked the advertiser is paid some amount. Through the capability of mining Monero, the malware runs web requests and signing the device for different subscription services whenever the attacker sends a command.

The malware was discovered by Kaspersky Labs researchers and given the wide range of malicious functions that it performs researchers are claiming it to be Jack of All Trades. Loapi has a complex modular structure that is different from other malware that have attacked Android devices so far. It contains an advertising module, proxy module, texting module and Monero mining module. Moreover, this threatening malware is capable of evading detection as well.

“We’ve never seen such a ‘jack of all trades’ before,” researchers from Kaspersky wrote in their official blog post published on Monday.

Over 20 malicious apps that are downloaded from third-party platforms and are mostly mobile antivirus or adult apps are responsible for infecting Android phones with Loapi. Victims are lured towards these apps through misleading advertisements. The user is bombarded with never-ending popups and there comes a time when the victim gives in to whatever the malware is requesting for, which usually is getting admin rights. When the rights are acquired, the malware deletes the antivirus to avoid detection. When the user tries to deactivate the administrator account, the Loapi-infected apps close the Settings menu and the device has to be booted in Safe Mode to delete Loapi.

Loapi attacks a user in two different ways; firstly, it sends SMS messages and secondly, a group of phones infected with Loapi is created to flood a server with traffic to such an extent that the server resultantly collapses.

Loapi is an aggressive malware that made around 28,000 different requests of advertising and subscription within a 24 hour period. It must be noted that since cryptocurrency mining is a processor-intensive feature that’s why it is possible for Loapi for draining the system’s resources quickly. When the battery gets overheated, it expands and ultimately bursts out from the phone case.

“Loapi is an interesting representative from the world of malicious Android apps. Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device. The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time,” warned researchers.

The good news is that currently Loapi hasn’t invaded Google Play Store but Kaspersky Lab researchers identified 85 apps that were already trojanized that can steal’s login credentials.

Related Posts