Security researchers from Russian cybersecurity firm ‘Kaspersky Lab’ have discovered a new strain of malware that targets Android smartphones, lurking in fake anti-virus and porn applications.
Dubbed Loapi, the new Android Trojan is capable of performing a plethora of malicious activities, from annoying users with constant ads, mining cryptocurrencies, redirecting web traffic and launching DDoS attacks to downloading and installing other apps. Loapi has a modular architecture that lets it carry out all of these activities, each handled by a separate module.
The researchers ran the malware on a test Android smartphone for two days and noted that, because of the constant load caused by the mining module and the traffic it generated, the battery bulged and deformed the phone cover.
According to the researchers, Loapi, which may have been created by the same cybercriminals responsible for the 2015 Android malware Podec, is distributed through third-party app stores and online advertisements. The installers usually disguise themselves as apps for “popular antivirus solutions and even a famous porn site.”
Described as a “jack-of-all-trades” by the researchers, Trojan.AndroidOS.Loapi also aggressively fights to protect itself. After the malicious files are downloaded and installed, the app obtains device administrator rights by nagging the user with popups. If the user tries to revoke these rights, the malicious app locks the screen and closes the device administrator settings window.
After acquiring these privileges, the malicious app either hides its icon from the app menu or simulates antivirus activity, depending on the type of application it masquerades as.
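The self-protection described above rests entirely on Device Administrator rights, so the first triage step on a suspect handset is to enumerate which packages hold them and where they came from. The following Android snippet is an added example, not code from Kaspersky's report or from Loapi itself: it lists active device admins via the public DevicePolicyManager API and flags any that were not installed from the Play Store. The class name DeviceAdminAudit and the Play Store package constant are assumptions of this example; the installer lookup uses the pre-API-30 getInstallerPackageName(), which is deprecated but still functional.

```java
// Added example (not from the Kaspersky report): enumerate apps holding
// Device Administrator rights and flag those that were sideloaded, i.e.
// not installed by the Play Store. Runs inside any Android app that has
// a Context; no special permission is required to read the admin list.
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.PackageManager;
import java.util.ArrayList;
import java.util.List;

public final class DeviceAdminAudit {
    // Installer package name reported for apps installed from Google Play.
    private static final String PLAY_STORE = "com.android.vending";

    private DeviceAdminAudit() {}

    /** Returns package names of active device admins that did not come from the Play Store. */
    public static List<String> sideloadedAdmins(Context ctx) {
        DevicePolicyManager dpm =
            (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        PackageManager pm = ctx.getPackageManager();
        List<String> suspicious = new ArrayList<>();

        List<ComponentName> admins = dpm.getActiveAdmins();
        if (admins == null) {
            return suspicious;              // no device admins active at all
        }
        for (ComponentName admin : admins) {
            String pkg = admin.getPackageName();
            String installer;
            try {
                // null when the APK was sideloaded (adb, browser download, third-party store)
                installer = pm.getInstallerPackageName(pkg);
            } catch (IllegalArgumentException e) {
                installer = null;           // package vanished between the two calls
            }
            if (!PLAY_STORE.equals(installer)) {
                suspicious.add(pkg);
            }
        }
        return suspicious;
    }
}
```

An entry returned here whose icon is missing from the launcher, or whose settings page closes itself when opened, matches the behaviour this article describes; since the admin rights block removal while the app is running, the remedy is the safe-mode procedure covered at the end of the article rather than a normal uninstall.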
The malware communicates with module-specific command and control (C&C) servers and receives a list of apps that pose a danger to it. This list is used to monitor the installation and launch of those apps. If one of them is installed or launched, the Trojan shows a fake message claiming it has detected malware and, of course, prompts the user to delete it. The user is spammed with an endless stream of popups until they finally agree and delete the application.
In order to get rid of Loapi, users will need to boot into safe mode, which keeps third-party apps from running so that the Trojan's device administrator rights can be revoked and the app uninstalled.