Android crypto-mining malware can cause device damage

by Mark Tyson on 20 December 2017, 13:11

Tags: Google (NASDAQ:GOOG), Kaspersky

A newly discovered Android malware variant has been seen to cause physical device damage in tests undertaken by Kaspersky Lab researchers. Trojan.AndroidOS.Loapi, or just Loapi for short, is a complicated modular malware that can operate in various nefarious ways. Loapi can “mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more,” asserts the Kaspersky SecureList blog, which describes the Trojan as a ‘jack of all trades’.

The headline feature of Loapi is its ability to run cryptocurrency mining software, which it does so aggressively that a test device deformed after two days under constant heavy load. A battery bulge formed due to the mining module and heavy web traffic, say the Kaspersky researchers (see below).

Battery bulge

Loapi-infected apps were found in the wild in a wide range of programs offering anti-virus protection, device optimisation, and porn. Kaspersky found Loapi distributed in downloads via unofficial app stores, advertising, SMS-spam campaigns, and other techniques.

A selection of Loapi infected apps

If you are unlucky enough to download a Loapi-infected app, you will be pummelled into submission to accept administrator permissions: users are asked for them in a loop until they agree. After agreement, the app either hides away or simulates virus scanning or similar activity. Loapi will vigorously self-protect, say the security researchers, so if you try to withdraw permissions it will lock the screen or close the device manager settings window before executing code that asks whether you want your device to be wiped. Furthermore, Loapi maintains a list of programs that are a threat to it, and its ‘scanner’ will prompt users to delete apps such as Kaspersky Internet Security.

Loapi doesn’t just mine cryptocurrency; its other existing modules can insert ads, send SMS, load up and join web subscriptions, and more. It was found that Loapi checks for root when installed, but as yet doesn’t do anything requiring such privileges.



HEXUS Forums :: 4 Comments

…….WhatsAPP, AVG, AVIRA ……?? hackers can also back door their own Kaspersky mobile App
Probably they are just copying the icon and made a fake app that looks like the one they are pretending to be
AVG is a massive POS. My company has struggled to use it for our clients for the past 5-6 years. It has about a 1% detection success rate and about a 99% false-positive detection success rate. And since AVG bought Avast!, even the Avast! product has seen itself go downhill. I used to trust Kaspersky in the late 90s early 2000s, and then they started doing bad stuff and working for the Russian government, so that trust has long gone out the window.

And to put my conspiracy hat on for just a sec, Kaspersky “found” this malware? Where? In their internal virus lab? :P
“and then they started doing bad stuff and working for the Russian government”

mindless follower.