Loapi – Android malware in a new dimension

 Does the Loapi Android trojan cause cell phones to explode?

18.12.2017
Kaspersky Lab has discovered a new Android mobile Trojan that is capable of performing almost any malicious action.
Loapi is distributed via advertising banners or as an app for adults.
It was christened Loapi (Trojan.AndroidOS.Loapi) and it is to be feared that it will still make a name for itself.

But what makes this Trojan so special?
Loapi has a modular structure.
This means that appropriate modules can be reloaded for a variety of purposes and a gigantic range of harmful actions can be made available to this malware. This means that a single infection is sufficient to be able to carry out any malicious or fraudulent action available in a modular manner.

The more common actions like DDoS attacks, SMS phishing or aggressive advertisements are unfortunately among the comparatively harmless attacks.
What is worrying is the behavior of the Trojan that can lead to the device overheating and its destruction.



After its installation, the malware requests administrator rights, which are repeatedly presented in a loop in the event of rejection until the annoyed user agrees.
Then Loapi connects to a server to reload modules.
The specialists have so far been able to demonstrate the following modules.

  • An adware module for advertising banners
  • An SMS module for actions based on SMS messages
  • Web crawler module for secret registration with payment services; SMS module disguises, replies and hides corresponding messages
  • Proxy module for HTTP access on the device in order to start DDoS attacks
  • Mining module for mining the cryptocurrency Monero (XMR)

 

Good advice is to disable installing apps from unknown sources.
Unfortunately, this is only a small measure that offers little protection.

 

Comments

 

(mh)