Loapi Android Malware Physically Destroys A Test Device

Malware is an ever-present threat in the Android world, and a new variant found by Kaspersky managed to physically destroy a test device in its lab by stressing and overheating the device to the point that the battery bulged and broke its external casing. Called a "jack of all trades," Loapi is unique in its extensive capabilities. It starts out as many malware versions do, as a nearly harmless seed program that incessantly seeks device administrator permissions. Once it has them, it can connect to its command server and start downloading encrypted modules, which is when it becomes dangerous. The encryption is how it manages to hide from the Play Store's automatic detection algorithms for malware, and the decryption keys for the encrypted content are hosted on the command server that Loapi connects to.

Loapi 's main avenues to profit are to show ads, mine cryptocurrency, and use a web crawler to sign victims up for services with WAP billing, which will appear on their phone bills. Kaspersky also found an SMS module that could be used maliciously and a proxy module that could potentially be used to employ a victim's device in a DDoS attack. Kaspersky captured some snippets of the code that allow the malware to do all of this without alerting Google or the device's internal security services to its presence, as well as some web domains that it refers to, along with a list of domain names that have occupied one particular address that the malware calls over time. These can be seen in the gallery below. With all of this going on, it's easy to see how Loapi can overwhelm a device and cause it to crash, or even drastically overheat as seen in the featured image above. What makes it even scarier is that it has measures in place to protect itself, using repeated prompts and controlled crashes to keep users from revoking device administrator privileges or using security apps that would detect its activities.

All of the apps that Kaspersky found to contain Loapi in the Play Store have been reported to Google, but there may always be more. The core of Loapi lies in what's fed from the control server, so any malware that can hide from Play Store's security mechanisms and call to that particular server can do the same things as these apps. Mostly, the code was found in fake security and antivirus apps, as well as adult apps, which aren't technically allowed in the Play Store. The moral of this story is the same as almost every other story about Android malware; be careful what you download, never grant suspicious permissions or privileges to an app, and don't assume you're safe just because you're sticking to the Play Store.

You May Like These
More Like This:
About the Author
2018/10/Daniel-Fuller-2018.jpg

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now