Researchers at Kaspersky Lab have discovered a new piece of malware with an unusual design: it is equipped with several modules offering an almost unlimited number of malicious features, from cryptocurrency mining to DDoS attacks. Given its modular architecture, it seems that more functionality can be added. So let’s get to know Loapi better.

Unlike classic single-function Android malware, Loapi has a complex modular architecture that allows it to perform an almost unlimited number of actions on the infected device. It is distributed via advertising campaigns in which it is disguised as an antivirus solution or as adult apps. Once the applications carrying the trojan are installed, they ask for administrator rights to the device and start secretly communicating with command and control servers to install additional modules. According to Kaspersky Lab researchers, the main modules of Loapi are: an adware module, used to persistently display advertisements on the user’s device; an SMS module, used by the malware to conduct various activities through text messages; a web crawler module, used to sign up users for paid services without their knowledge (working with the SMS module to hide all evidence of any communications); a proxy module that allows cyber criminals to perform HTTP requests on behalf of the device, activities that can support DDoS attacks; and a module for mining the cryptocurrency Monero.

Loapi also has the ability to protect itself: when the user tries to revoke its device administrator rights, the malware locks the device’s screen and closes the window. Another peculiarity of Loapi’s defense scheme consists in “deterring” the user from using applications that are dangerous to it, such as a security solution that could remove it. In this case the Trojan shows the user a fake message stating that a malicious file has been found and proposes to remove the application. The message is shown in a loop until the user, out of exhaustion, deletes the application.

There is more, and it goes hand in hand with the intense activity conducted by this malware: tests conducted on a randomly selected smartphone showed that the workload of the malware is such that it makes the device overheat and even deforms the battery. These are consequences that the malware authors most probably had not even anticipated.

Along with announcing the discovery of the malware, Kaspersky researchers gave their advice on how users can protect their devices and personal information:

  • disable the ability to install apps from sources other than official app stores;
  • update your device’s operating system to reduce software vulnerabilities and the risk of attack;
  • install a reliable security solution to protect your device from cyber attacks.

Sara Avanzi