Loapi: Kaspersky discovers modular Trojan for smartphones

Kaspersky, the Russian developer of antivirus programs and digital security solutions, has drawn attention in a press release to an aggressive modular Android Trojan called "Loapi", which attacks smartphones on a broad front. Loapi uses the smartphone it infects for, among other things, mining cryptocurrencies, displaying advertisements, running SMS campaigns and, via a proxy module, carrying out DDoS attacks. In addition, the Trojan protects itself from being uninstalled and can destroy the infected smartphone when the device is overloaded. Really dangerous mobile malware!

The Android Trojan Loapi uses admin rights to install modular malware, adware, mining programs and proxy services for DDoS attacks.

Loapi malware exploits smartphones

Loapi gets onto the smartphone hidden in alleged antivirus apps or "adult apps" with porn content for Android. After asking for and receiving the user's consent, the Trojan obtains administrator rights and then starts its malicious work. The perfidious thing: it is modular malware, so the hackers can add individual modules to the software or remove them from it. According to Kaspersky, these Loapi modules are currently known:

  • Adware module for aggressive advertising on the smartphone display
  • SMS module for SMS message actions
  • Web crawler module: the user is secretly logged on to payment services. The SMS module hides the messages, replies to them and then removes all traces
  • Proxy module for HTTP access to carry out DDoS attacks
  • Monero mining module for creating the cryptocurrency Monero (XMR)

How malware works for Android smartphones (source: Kaspersky)

Loapi is said to be hidden in these apps - alleged antivirus software and adult programs with porn content. (Source: Kaspersky)

Trojan protects itself against loss of rights and uninstallation

As if the various modules and their functions were not bad enough, Loapi also protects itself from being deprived of administrator rights. If the smartphone user tries to revoke them, Loapi blocks the display and closes the window. In addition, its C&C (Command and Control) server provides it with an up-to-date list of anti-malware programs that could detect and remove it. If a corresponding app is installed, the Trojan warns of alleged malware and offers to remove it. The installed antivirus program is then simply removed. You can hardly ignore Loapi, because the message is repeated over and over again in a loop.

Android malware can destroy the battery and thus the smartphone

Because of the Trojan's many different modules, which go about their criminal work in the background, and the constant messages that appear when you try to get rid of the malware, the smartphone can be put under so much load that the battery heats up to the point of deforming. Nikita Buchka, security expert at Kaspersky Lab, explains the facts:

"Loapi is an interesting example of Android malware because the design of the Trojan allows almost any functionality. The reason for this is simple: the device only needs to be infected once and can then be used for a wide variety of malicious and fraudulent activities. Extremely surprising, however, is the fact that Loapi has the possibility of destroying the device. You wouldn't expect something like this even from a sophisticated Android Trojan."

Protection against Loapi and other malware

To protect yourself against the new Android malware Loapi as well as viruses, ransomware and other malware, you should always have the current version of the operating system on your smartphone. Apple delivers new iOS versions as well as patches and fixes very quickly; with Android, the timing of the update also depends on the device manufacturer and the network operator. In addition, on both Android and iOS you should install apps from outside the official app stores only in exceptional cases. The official stores also offer secure antivirus apps and anti-malware solutions.

Code, sources and more

If you want more information about Loapi, its code and the individual procedures of the Android malware, take a look at Securelist.com. There the Trojan, known as the "Jack of all trades", is taken apart. In addition, domains that are known as sources of Loapi are listed.
