The New Threat to Android Phones – Loapi Malware
A new malware that has the capacity to mine cryptocurrency launched DDoS attacks that after two days of testing it completely destroyed the Android phone.
The malware Loapi has a complex architecture, unlike any other malware that has been seen before. A proxy module for mine Monero it also works as advertisement module, a web crawling module, and texting module. It aggressively defends itself.
It was Kaspersky Lab researchers that discovered this new versatile malware and in a release note, it warned the users’ “Loapi is an interesting representative from the world of malicious Android apps. Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device. The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time.”
The people behind Loapi must be the same guys who made ‘Podec’ the 2015 Android malware, which was pushed into the third-party app stores. Cyber experts found that Loapi usually acts itself as an app for antivirus solution.
So one the Loapi installs itself, it obtains device administrator, by showing itself as an antivirus solution and the user activates administrator permission, the app disguises its icon and continues to do what it intends to, pretending to be an antivirus and scanning the device.
Loapi malware modules
One Loapi module is for spamming advertisements, opening various URLs, including pages in popular social networks such as Facebook or Instagram, as well as for displaying videos ads and banners.
This malware is for spamming advertisement, it opens different URLs, of popular social networks. It can be used to launch DDoS attack, particularly the proxy module, and the mining module as said above pushes the Android to mine for Monero.
Another interesting module is used only to communicate with the attacker using SMS messages, it manipulates text messages using ‘Command and Control server. The inbox is cleaned after the attack, including the sent folder to keep the user in the dark about the activities from the Command and Control server.
There is another module that focuses on web crawler, it uses the hidden JavaScript to subscribed users, and if that requires a text message confirmation Loapi ensures that, too.
Loapi’s aggressive self-protection
Loapi is designed in such a way that any move to remove or revoke will be severely defended. If detected or launched then Loapi displays a dubious message that reads a certain malware has been detected and asks the victim to uninstall it. The victim will be tricked with the pop up till he gives up to the continuous request to uninstall or deletes the application. The only way out to get rid of Loapi is to boot into safe mode and deactivate the admin privileges.