A group of Russian security researchers working at the Kaspersky Lab have analyzed a piece of malware that can hijack a person's phone and perform a wide range of malicious activities, among which is cryptocurrency mining. The software is so powerful that the constant load caused the battery in a test device to bulge after just two days.
The malware, known as Trojan.AndroidOS.Loapi, has been described as a "jack of all trades". Beyond the crypto-mining, it also bombards users with ads, can launch Distributed Denial of Service (DDoS) campaigns, subscribes the user to paid SMS services, and even fights off attempts to remove it.
The malware affects Android phones and once "malicious" files are downloaded, it redirects the phone's owner to the attackers' web resource, found to be disguised as antivirus software and adult content sites. Having invaded your phone, it pesters you until you give it admin privileges, which allows the malware to do whatever it wants.
The software is not just hellbent on taking over phones and annoying users as much as possible, it is also a nuisance to get rid of. Attempts at revoking access privileges result in the termination of the device manager app and a lock screen, with the malware posting “Phone data will wiped [sic]. Are you sure?” to scare people off. It also detects the installation and launch of antivirus software (from a constantly updating list) and will claim the antivirus is the real malware if launched.
“Loapi is an interesting representative from the world of malicious Android apps," the researchers at Kaspersky wrote in their detailed analysis of Loapi. "It’s [sic] creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device. The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time.”
If your device is infected, it might be extremely frustrating, but the malware can be fought off. However, it will probably be necessary to wipe your phone and reset it to factory settings. But it's better to start from scratch than have a melted phone, right?
11