New Android malware can make your phone battery explode
A newly discovered strain of malware targeting Android phones is capable of performing an assortment of malicious actions, from launching DDoS attacks to mining cryptocurrencies. It does the latter so intensely, Kaspersky researchers said in a post about the threat, that it can cause the battery to bulge and wreck the phone within two days.
What the malware does
“We’ve never seen such a ‘jack of all trades’ before,” Kaspersky Lab wrote in Monday’s report about the new threat, which the researchers call “Loapi.” According to them, “its creators have implemented almost the entire spectrum of techniques for attacking devices”:
- Subscribe to paid services
- Send and delete text messages
- Inject ads in the notification area
- Show ads in other apps
- Download and install other apps
- Launch DDoS attacks
- Open URLs in browsers
- Mine Monero
- and more
The researchers speculate that the strain may have evolved from Podec, a malware family first noticed in 2015. Back then, cyber criminals were using Podec to bypass Advice of Charge (AoC) and CAPTCHAs to subscribe unsuspecting victims to premium-rate SMS services. Whether or not the two are related, Loapi is one of the most adaptable Android trojans to date.
Loapi is currently advertised on third-party app stores, disguised as a mobile antivirus or adult-content app. Luckily for Android fans, Loapi hasn’t been spotted on the Google App Store. However, users should remain vigilant, including on official marketplaces, as malware may slip through the cracks.
What happens if you install Loapi
After the fake app with malicious files is downloaded and installed, Loapi obtains device administrator rights. The app pushes the user to give it the advanced permissions by looping a pop-up until the victim gives in and clicks yes. As soon as Loapi gains the privileges, it hides its icon from the menu.
Loapi “aggressively fights any attempts to revoke device manager permissions,” according to Kaspersky. If the smartphone owner tries to deprive the app of administrator rights, the Trojan locks down the screen and closes the Settings window. It will even download real malicious apps just to convince the user that they really need the apparent antivirus software.
To remove Loapi, users will have to boot their device into Safe Mode. The procedure for booting into Safe Mode depends on the specific smartphone model.
Loapi malware modules
Loapi deploys up to five distinct modules to take complete ownership of the user’s phone. For instance, according to Kaspersky, its advertising and subscription sign-up features made 28,000 different requests over a 24-hour period.
Some mobile operators ask to confirm a subscription by sending a text message to the device from which the request came. “In such cases the Trojan uses SMS module functionality to send a reply with the required text,” Kaspersky wrote. What’s more, it immediately deletes all messages (both outgoing and incoming).
Loapi’s mining module uses the processing power of the device to solve complex equations and verify transactions, which then earns the hackers the Monero currency. During the Kaspersky research, Loapi used up system resources so quickly that the battery of the phone used for testing overheated, causing it to expand and burst out of the phone case.
How to protect yourself from malware
As usual, prevention is better than cure. To avoid falling for the malware con, you should observe a few simple rules.
- Install apps from official stores only. Google Play Store has a special team in charge of detecting mobile malware. Once in a while, Trojans manage to sneak into official stores, but the odds of coming across one there are far lower than on unverified sites.
- Disable the installation of apps from unknown sources. To do so, go to Settings > Security and make sure that the Unknown sources box is unchecked.
- Only install what you really need. By and large, the fewer apps you install, the more secure your device remains.
- Get a reliable anti-malware app or use the CyberSec feature available in the NordVPN app for Android. If the website you are trying to visit is known for phishing or malware, CyberSec reacts immediately and blocks the dangerous action.