There's a new form of mobile malware with an identity crisis out there, experts have warned.
Spotted by security researchers from Kaspersky Lab, the Loapi Android malware can be more than one thing. It can be an adware, an SMS virus, a web crawler, a DDoS proxy, or even a cryptocurrency miner.
It is being thrown around the web and advertised as either an antivirus solution or an adult app. Once the victim installs the app, it asks for admin privileges, after which it starts installing other modules.
Aside from all the things mentioned above, the malware can also physically destroy the mobile device. Researchers believe this was not the hackers' intention, rather a side-effect of poor optimisation. Once the malware starts using the mobile device's computing power, it can heat it up so much that it can destroy its battery.
It is also capable of defending itself. If the user tries to revoke its admin rights, it will block the device's screen, and close the window.
“Loapi is an interesting representative of the world of Android malware because its authors have embodied almost every feature possible into its design," notes Nikita Buchka, security expert at Kaspersky Lab.
"The reason behind that is simple – it is much easier to compromise a device once and then to use it for different kinds of malicious activity aimed at earning illegal money. The surprisingly unexpected risk which this malware brings is that even though it can’t cause direct financial damage to the user by stealing their credit card data, it can simply destroy the phone. This is not something you would expect from an Android Trojan, even a sophisticated one."
The best way to protect yourself from such attacks is to prevent the device from installing apps that don't come from the Google Play store.
Image Credit: CyberHades / Flickr