‘Loapi’ mobile malware is five attacks rolled into one: Kaspersky

New Android malware discovered by Kaspersky Lab can carry out an unusually broad array of five different attacks and, due to a design flaw in its code, may inadvertently physically destroy a phone a few days after being installed.

“We’ve never seen such a ‘jack of all trades’ before,” wrote the company in Monday’s official write-up of the threat, which it calls “Loapi.”

The malware is installed via malicious apps available for download outside the official Google app store. Victims are directed to the apps — more than 20 of them — through advertisements.

Loapi is capable of running an advertising click fraud scheme, which makes it appear as if a victim is visiting advertisers’ websites. Advertisers pay a small rate every time an ad is clicked. Loapi also contains a cryptocurrency mining module and the ability to run web requests at the attacker’s command, including signing a phone up for various subscription services. 

The malware can also use a phone to attack a second user in two ways. First, Loapi can send SMS messages. Second, large groups of phones infected with Loapi can be directed to simultaneously flood a server with so much traffic that the server collapses, a distributed denial-of-service (DDoS) attack.

Loapi is not designed to be subtle. According to Kaspersky, the advertising and subscription sign-up features made 28,000 different requests over a 24-hour period. Meanwhile, cryptocurrency mining is a processor-intensive feature. Loapi drained system resources so quickly that the battery of the test phone Kaspersky used overheated, causing it to expand and burst out of the phone case. 

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.