The Loapi malware, which poses as adult or security apps, runs processor-intensive scams that can cause a phone to overheat and deform its case
A newly discovered strain of Android malware has been uncovered that runs a number of different scams at once – so many that it can cause overheating and physical damage to a device.
Researchers at Kaspersky Lab said after two days of allowing the Loapi malware to run on a test device the constant workload caused the battery to bulge and deformed the phone’s cover.
Loapi has a complicated modular architecture that allows it to run several types of processes at once, including processor-intensive chores such as mining the Monero cryptocurrency and generating false traffic on web pages.
Kaspersky found during a period of 24 hours the malware tried to open 28,000 unique URLs, a way of generating fraudulent web ad revenues.
Loapi can also generate HTTP requests in order to try to crash websites as part of a large network of other devices infected with the similar code.
It tries to subscribe an infected device to paid services and displays ads on the screen.
“Its creators have implemented almost the entire spectrum of techniques for attacking devices,” Kaspersky wrote in an advisory. “The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time.”
Loapi poses as antivirus or adult content applications and spreads through online ad campaigns. Kaspersky said the malware was found in more than 20 different locations on the web.
When the user clicks through and installs the app, it repeatedly asks for administrator privileges until the user grants them, allowing it to install the modules of its choice.
If the user tries to remove the app’s privileges in Android’s settings panel, the app locks the screen and closes the window. It also searches for legitimate security software on the device, identifying it as “malware” and prompting the user for permission to remove it. The prompt appears repeatedly until the user agrees.
Loapi is only found in third-party app stores, but malicious code regularly turns up on Google Play as well, having bypassed security checks.
Do you know all about security in 2017? Try our quiz!