New Android Malware Mines Cryptocurrency So Hard it Fries Your Battery
For many people, mobile devices are their main computing device. It’s no surprise then that malware creators have followed them to mobile platforms. Most pieces of Android do one or two things, often in a surreptitious manner to evade detection. That’s not the case with a new strain of malware called Loapi, discovered by Kaspersky researchers. They’re calling it a “jack of all trades” because it has modules for just about everything, from serving up ads to mining cryptocurrency .
Loapi doesn’t exploit any wild new security holes to gain access to your phone. This is an example of good old-fashioned social engineering.
Upon setting itself up on a device, Loapi downloads several modules from the command-and-control server based on what the operators want to do on the phone. It can join a botnet, flash ads on the screen, send SMS spam to infect more people, and mine the Monero cryptocurrency. The malicious app also asks for administrator access to the device, giving it the ability to hide its app icon and control other apps.
The Monero mining module is particularly interesting. Like all cryptocurrency, networks of machines mining Monero are necessary to keep the currency functional. It takes a lot of computing power to mine Monero, but with enough phones linked together, the malware authors could earn some real cash (Monero is worth just under $400 right now). They have no desire to respect the limits of the phone, either.
According to Kaspersky, the Monero mining run by Loapi is so aggressive it completely destroyed one of the test phones in its lab. The constant load on the processor caused the device to overheat. The battery bulged and split the case open. That’s actually kind of impressive.
You don’t need to worry about catching this battery-destroying malware as long as you take a few simple measures. Don’t install random APKs you find floating around, and leave the “unknown sources” install toggle off unless you’re using it.
Now read: