Skip to main content

Researchers discover Android malware with an identity crisis

(Image credit: Image Credit: CyberHades / Flickr)

There's a new form of mobile malware with an identity crisis out there, experts have warned. 

Spotted by security researchers from Kaspersky Lab, the Loapi Android malware can be more than one thing. It can be an adware, an SMS virus, a web crawler, a DDoS proxy, or even a cryptocurrency miner.

It is being thrown around the web and advertised as either an antivirus solution or an adult app. Once the victim installs the app, it asks for admin privileges, after which it starts installing other modules.

Aside from all the things mentioned above, the malware can also physically destroy the mobile device. Researchers believe this was not the hackers' intention, rather a side-effect of poor optimisation. Once the malware starts using the mobile device's computing power, it can heat it up so much that it can destroy its battery.

It is also capable of defending itself. If the user tries to revoke its admin rights, it will block the device's screen, and close the window.

“Loapi is an interesting representative of the world of Android malware because its authors have embodied almost every feature possible into its design," notes Nikita Buchka, security expert at Kaspersky Lab.

"The reason behind that is simple – it is much easier to compromise a device once and then to use it for different kinds of malicious activity aimed at earning illegal money. The surprisingly unexpected risk which this malware brings is that even though it can’t cause direct financial damage to the user by stealing their credit card data, it can simply destroy the phone. This is not something you would expect from an Android Trojan, even a sophisticated one."

The best way to protect yourself from such attacks is to prevent the device from installing apps that don't come from the Google Play store.

Image Credit: CyberHades / Flickr

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.