Beware of the Dangerous Android Malware Loapi - Protect your Smartphone
This post continues my previous blog, in which I discussed Google requiring 64-bit apps to improve the security and performance of its Android platform. You may not be aware that malicious apps can end up on your smartphone even if you have only ever used the official Google Play Store. Fraudulent applications, poor security checks, advertisements, spam text messages and other techniques are used to sabotage your phone. Cybersecurity researchers at Kaspersky Lab deliberately infected an Android phone with a new strain of malware. Within two days, the overheating caused by its heavy processing and network traffic made the battery bulge, deforming the cover and warping the phone itself.
Findings of Researchers at Kaspersky Lab
The researchers found a rather interesting sample, Trojan.AndroidOS.Loapi, which they call a "jack of all trades" because of its complex modular architecture. The trojan fully exploits the phone's computing power to mine cryptocurrency (a digital asset designed to work as a medium of exchange that uses cryptography to secure transactions, control the creation of additional units and verify the transfer of assets), constantly irritates the owner's contacts with SMS spam campaigns, floods the phone with advertisements, enlists the device in DDoS (distributed denial-of-service) attacks and more. After watching the phone warp, the researchers noted that "the only thing missing is user espionage", meaning the malware did not spy on or monitor the phone owner's activities. Given its modular architecture, however, that functionality could be added at any time.
Loapi's Cryptocurrency Mining
Loapi does this by exhausting the processor's computing power and overheating the device. The heat comes from the malware covertly mining the Monero cryptocurrency and sending the proceeds to the attackers; constant mining hogs the CPU and forces it to overwork. The attackers distribute Loapi disguised as fake Android apps that claim to offer antivirus protection or adult content. Once installed, the malware repeatedly asks for device administrator privileges in a loop until the user agrees. It also checks whether the device is rooted, but does not subsequently use root privileges; presumably these are reserved for a future module. From there it poses as an antivirus product or hides itself from the phone's app menu.
Loapi's Attack Using C&C Servers
Loapi is thoroughly malicious. It communicates with a number of C&C (command and control) servers, which can push additional modules and send a list of apps that might try to remove the malware or limit the permissions it has been granted. The malware fights attempts to revoke its device administrator privileges by locking the screen, closing the settings window, or threatening to wipe the phone's memory. It even flags legitimate antivirus apps as malicious and recommends that the user remove them. The researchers found Loapi-loaded apps advertised online, but not on the official Google Play Store; their blog post lists the twenty domains on which the apps were hosted.
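As an added example (not from the Kaspersky report or this post), here is a small triage script a defender could run over `adb shell` output to list the apps holding device administrator rights, the permission Loapi abuses, and flag those not installed from Google Play, the channel it avoids. The `dumpsys device_policy` layout is an assumption that varies between Android versions, and both sample outputs are constructed.

```python
"""Added triage helper, not part of the Kaspersky write-up: list active
device-admin apps and flag those not installed from Google Play, using
constructed samples of `adb shell dumpsys device_policy` (layout assumed,
varies by Android version) and `adb shell pm list packages -i`."""
import re

PLAY_STORE = "com.android.vending"
SYSTEM_PREFIXES = ("com.android.", "com.google.android.")  # heuristic allowlist

# Constructed sample of `dumpsys device_policy`, shortened.
DUMPSYS_SAMPLE = """Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.android.managedprovisioning/.DeviceAdminReceiver
    com.example.fakeav/.AdminReceiver:
      uid=10123
  Password history length: 0
"""
# Constructed sample of `pm list packages -i` (installer=null: sideloaded).
PM_SAMPLE = """package:com.android.managedprovisioning  installer=null
package:com.example.fakeav  installer=null
package:com.real.bank  installer=com.android.vending
"""

def parse_device_admins(dumpsys):
    """Return package names listed under 'Enabled Device Admins'."""
    admins, in_block = [], False
    for line in dumpsys.splitlines():
        if "Enabled Device Admins" in line:
            in_block = True
            continue
        if not in_block:
            continue
        match = re.match(r"^\s+([A-Za-z0-9_.]+)/\S+", line)
        if match:
            admins.append(match.group(1))
        elif line.strip() and len(line) - len(line.lstrip()) <= 2:
            break  # indentation dropped back: end of the admin block
    return admins

def parse_installers(pm_output):
    """Map package name -> installer package ('null' means sideloaded)."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M))

def flag_suspicious_admins(dumpsys, pm_output):
    """Device admins not from Play Store, skipping assumed system packages."""
    installers = parse_installers(pm_output)
    return [(pkg, installers.get(pkg, "unknown"))
            for pkg in parse_device_admins(dumpsys)
            if not pkg.startswith(SYSTEM_PREFIXES)
            and installers.get(pkg) != PLAY_STORE]
```

On a real device, feed it the live output of both commands; any flagged package deserves a closer look before its admin rights are revoked, since the post describes how Loapi reacts to that.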
Since the official app stores have a substantially more secure approval process, security experts recommend that users avoid unofficial app stores.