Phone destroyed by Loapi trojan

A malware strain known as Loapi will damage phones if users don't remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone's components, which will make the battery bulge, deform the phone's cover, or even worse.

Discovered by Kaspersky Labs, researchers say Loapi appears to have evolved from Podec, a malware strain spotted in 2015.

Back then, crooks were using Podec to bypass Advice of Charge (AoC) and CAPTCHAs to subscribe victims to premium-rate SMS services.

The new Loapi malware is much more advanced compared to the simplistic Podec strain. Kaspersky experts call it a "jack of all trades," as Loapi has a highly advanced modular structure and components for all sorts of nasty operations. For example, the new Loapi malware includes modules for:

⇉ Mine Monero
⇉ Install a proxy to relay traffic
⇉ Inject ads in notification area
⇉ Show ads in other apps
⇉ Open URLs in browsers, also used to show ads
⇉ Download and install other apps
⇉ Launch DDoS attacks
⇉ Interact with the phone's SMS function
⇉ Crawl web pages (most like used to subscribe users to premium SMS services), and more.

Loapi hidden in security and adult-themed apps

Loapi is currently advertised on third-party app stores, masquerading as a mobile antivirus or adult-related app.

Loapi apps on third-party store

The malware uses the classic trick of pestering users with an endless stream of popups until the user does what the malware wants. This is how Loapi obtains device administrator rights and how Loapi forces users to uninstall real antivirus apps from their phones.

Loapi-infected apps will also close the Settings window whenever it detects that a user is trying to deactivate its administrator account. Users will have to boot their device in Safe Mode in order to remove Loapi. The procedure to boot into Safe Mode is different per smartphone model.

Loapi didn't reach the Play Store, but other malware has

While Loapi has not made it onto the official Google Play Store, security researchers from Kaspersky and ESET did discover other malware strains that did.

For example, Kaspersky discovered 85 apps that were infected with a trojan that would steal login credentials. Based on Play Store download statistics, more than one million users appear to have installed these apps.

Further, ESET discovered two apps named "StorySaver" and "Crypto Monitor" that were designed to target the mobile banking apps of several Polish banks.