Posted on December 20, 2017 at 5:11 PM
The latest addition to the roster of Android malware is especially dangerous: it uses five different attack techniques to infiltrate and compromise devices.
Android smartphones have often fallen victim to a slew of malware attacks, ranging from data theft to ransomware. The latest strain, known as Loapi, has recently reared its head and promises to cause widespread damage, as it can launch five different types of attack simultaneously.
Loapi is a new hybrid piece of malware whose modular code lets it run up to five different attacks at once, including overworking the phone until the battery bulges and damages the device, installing a covert cryptocurrency mining script, using the device to launch DDoS attacks, and possibly more.
In addition, the malware runs a fraudulent advertising system. Users are misled into thinking that clicking an advertisement takes them to the advertiser’s web page, while in reality the fraudulent advertiser collects funds with every click. It also runs a Monero cryptocurrency mining script, and it processes web requests that covertly sign the victim up to an array of subscriptions without the victim’s knowledge.
Loapi was discovered by researchers at Kaspersky Lab, who after investigating the malware dubbed it the “jack of all trades” of malware. Loapi’s complex modular structure is vastly different from any other existing malware tailored to Android devices. The malware implements several damaging modules, including a Monero mining module, an advertising module, a texting module, and a proxy module. To make matters worse, the malware is incredibly hard to detect and remove.
In their blog post, the Kaspersky researchers noted that to date they had never seen malware this complex.
The researchers discovered 20 malicious apps responsible for infecting Android devices with Loapi. The apps, most of them posing as adult-content apps or mobile antivirus apps, were generally downloaded from third-party platforms before going on to infect the device. Victims downloaded the apps after clicking on a misleading advertisement. After downloading and running the app, the victim was presented with a series of popups. The popups, which request permissions from the user, were typically accepted quickly in order to finish setup and start using the app. Once the user had granted those permissions, the malware deleted any security software on the device to evade detection. When a user tried to revoke the malware’s administrator rights, Loapi simply closed the settings menu. Only after rebooting the device in safe mode were users able to delete Loapi successfully.
Loapi attacks its targets either by sending SMS messages or by flooding a particular server with traffic from a group of devices previously infected by Loapi. The latter attack causes the server to collapse.
Within the first 24 hours, the extraordinarily aggressive malware obtained 28,000 different permissions and subscriptions. In addition, the Monero mining script not only profits those behind Loapi but quickly drains the device’s processing power. Once the battery inevitably overheats from the excessive processing load, it expands and bursts, damaging the device.
The Kaspersky researchers noted in their blog post that Loapi is notable because its creators packed a vast array of attack techniques into a single piece of malware. The malware can conduct campaigns such as mining Monero, subscribing users to paid services, generating funds from fraudulent advertising, manipulating traffic, and performing several other nefarious acts online on the victim’s behalf. While the malware does not yet have espionage capabilities, the researchers warn that, given Loapi’s structure, such functionality could easily be added.
While Loapi has not yet been detected in any app available on the Google Play Store, Kaspersky Lab researchers noted that there are currently 85 apps available from third-party platforms that carry the damaging malware.