Cybersecurity researchers have discovered a “jack of all trades” cryptocurrency mining malware called Loapi that is capable of destroying phones from within in two days.
A new strain of malware targeting Android phones, called Loapi, capable of triggering a number of malicious activities including cryptocurrency mining and DDoS attacks, can cause so much damage to a victim’s phone that it could cause the battery to bulge and explode the phone within two days.
The “jack of all trades” malware has an advertisement module, a texting module, a web crawling module, a proxy module and a module for mining Monero, an anonymous cryptocurrency.
“Loapi is an interesting representative from the world of malicious Android apps,” Kaspersky Lab researchers wrote.
The researchers warned:
Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device.
Its advertising module allows the malware to open various URLs on mainstream social networks like Facebook and Instagram. Loapi’s proxy module allows it to launch DDoS attacks while its mining module forces the infected Android phone to mine for Monero. Its texting module manipulates text messages and uses SMS texts to communicate wwith the attackers’ Command and Control (C&C) server. The module wipes text messages from the inbox and the sent folder to continue operating clandestinely.
“The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time,” researchers damningly added.
In order to get rid of the malware, users will need to boot the device in safe mode and remove Loapi.
Image credit: Pixabay.