Researchers from antivirus provider Kaspersky Lab have discovered a new and highly dangerous piece of malware that’s being called a “jack of all trades”. It bears this nickname because it can perform pretty much every treacherous digital action known to man.
What is Loapi?
Loapi, formally known as Trojan.AndroidOS.Loapi, has modules for advertisement, SMS, web crawling, and proxies, and also uses the Android version of minerd to perform Monero (XMR) cryptocurrency mining.
Oh, and on top of all of that, it’s self-protecting malware. Loapi aggressively fights any attempts to revoke device manager permissions. If the user tries to take away these permissions, the malicious app locks the screen, closes the window with device manager settings, and executes code that prevents the malware from being removed from the infected device.
Some pretty serious shit, right?
Oh, and it’s destructive AF…
Tests were run on a device infected by the Loapi malware, and the results are quite shocking. After just two days, the constant load caused by the mining module and the generated traffic made the battery bulge and deform the phone cover. It’s probably safe to say the damn thing would have exploded, had those tests run any longer.
How is Loapi distributed?
Loapi distributes itself via advertising campaigns. Malicious files are downloaded after the user is redirected to the attackers’ malicious web resource. Generally speaking, the malware hides behind the mask of antivirus solutions or adult content apps.
I say this to people all the time and they don’t believe me, but those antivirus apps will get you every time. (No comment on the porn apps, however.)
No samples of Loapi have been found on Google Play, so at least there’s some good news in all of this. All of the infected apps containing the malware come from third-party sources, which isn’t surprising in the least.
How to protect yourself
The best thing you can do to keep yourself safe here is to steer clear of antivirus and porn apps altogether. Google Play Protect does a pretty good job of making sure the apps on the Play Store are safe to use, and you lose that layer of protection when you start downloading stuff from unknown and – more importantly – untrustworthy sources.
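One way to check a phone for the two traits described above (apps that did not come from Google Play and that hold device admin rights) is to audit the output of two adb commands. This is an added example, not code from Kaspersky or the original article; the package names and sample outputs are constructed, and the `dumpsys device_policy` layout is an assumption that varies between Android versions.

```python
import re

# Installers treated as trusted stores (assumption; extend for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.freeantivirus  installer=null
package:com.example.videoplayer  installer=com.android.packageinstaller
"""

# Constructed sample of the admin section of `adb shell dumpsys device_policy`.
SAMPLE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.freeantivirus/.AdminReceiver:
    uid=10123
  com.example.notes/.PolicyReceiver:
    uid=10087
"""

def parse_installers(text):
    """Map package name -> installer (None when no installer is recorded)."""
    result = {}
    for m in re.finditer(r"^package:(\S+)[ \t]+installer=(\S+)", text, re.M):
        result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def parse_device_admins(text):
    """Return the package names of enabled device admin components."""
    pattern = r"^[ \t]+([\w.]+)/[\w.$]+:[ \t]*$"
    return {m.group(1) for m in re.finditer(pattern, text, re.M)}

def audit(packages_text, policy_text):
    """List (package, installer, is_admin) for apps not installed by a
    trusted store, device admins first since those resist removal."""
    admins = parse_device_admins(policy_text)
    rows = [(pkg, inst, pkg in admins)
            for pkg, inst in parse_installers(packages_text).items()
            if inst not in TRUSTED_INSTALLERS]
    return sorted(rows, key=lambda r: (not r[2], r[0]))

if __name__ == "__main__":
    for pkg, inst, is_admin in audit(SAMPLE_PACKAGES, SAMPLE_POLICY):
        print(f"{pkg:32} installer={inst} device_admin={is_admin}")
```

A sideloaded app that is also a device admin is the combination worth reviewing first; a hit is a lead to investigate, not proof of infection.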
For more info on Loapi, check out the source link below.