Jack-of-all-trades Android malware can destroy phones
COMPUTER security researchers have uncovered a new strain of transforming malware with the capability to physically destroy Android phones.
Kaspersky Labs staff warn that the modular malware, called Loapi, can perform several tasks, including mining the Monero cryptocurency, filling the victim’s device with adverts or taking part in DDoS attacks. It can also act as an SMS virus or a web crawler.
The worm is installed by disguising itself: either as an antivirus solution or an adult app. It gains permissions by spamming an infected device with notifications asking for privileges, until the user either gives up and hands over the rights knowingly or agrees by accident.
It also checks for root permissions, and although it does not use them, this could be a possibility in the future. Possibly due to poor optimisation, the malware uses up so much compute power that it causes the phone to overheat, damaging the battery.
Said Kaspersky security expert Nikita Buchka said, “Loapi is an interesting representative of the world of Android malware because its authors have embodied almost every feature possible into its design.
“The reason behind that is simple – it is much easier to compromise a device once and then to use it for different kinds of malicious activity aimed at earning illegal money.
The surprisingly unexpected risk which this malware brings is that even though it can’t cause direct financial damage to the user by stealing their credit card data, it can simply destroy the phone. This is not something you would expect from an Android Trojan, even a sophisticated one.”
The easiest method of protecting yourself against Loapi is simple: don’t install apps that don’t come from Google Play.
The surprisingly unexpected risk which this malware brings is that even though it can’t cause direct financial damage to the user by stealing their credit card data, it can simply destroy the phone. — Nikita Buchka, Kaspersky security expert