Cybersecurity firm Kaspersky Lab has exposed a powerful malware that infiltrates smartphones to secretly mine cryptrocurrency and carry out DDoS attacks.
Loapi, the malicious software, is so power-hungry that it can overheat your battery and fry your phone. The virus physically destroyed the Kaspersky Lab test phone just two days after being infected with it.
Kaspersky Lab wrote a blog detailing how Loapi works and the range of pernicious activities it can carry out. “Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover,” the blog says.
Loapi is Trojan malware that is most commonly picked up by users who click on ad banner advertising in adult content apps. Pop up advertisements for fake anti-virus software is also a common vehicle for the malware.
— Kaspersky (@kaspersky) December 18, 2017
Once on the phone, Loapi constantly asks for administrator rights. “It doesn’t take no for an answer; notification after notification appears on the screen until the desperate user finally gives in and taps OK,” Kaspersky Lab explained.
The insidious app even shuts down the settings window and locks the screen if the person tries to deny it administrator rights. If the user tries to download anti-virus software to protect the phone, Loapi flags it as malware and demands it be removed.
After seizing administrator rights, the versatile malware manipulates the phone into carrying out a number of functions including mining the Monero cryptocurrency, signing the phone’s owner up to paid subscription services, plaguing them with more ads and even turning the phone into a zombie to be used in DDoS attacks.
Spain’s national police warned people about the malware via Twitter.
— Policía Nacional (@policia) December 20, 2017
Kaspersky advises that the best way to avoid having your phone infected with Loapi is to only download apps from official stores; disabling the installation of apps from unknown sources; only downloading apps that you really need; and using reliable anti-virus software.