Loapi: Kaspersky discovered modular Trojan for smartphones

The Russian developer for anti-virus programs and digital security solutions Kaspersky has drawn attention to an aggressive modular Android Trojan called "Loapi" in a press release, which attacks smartphones extensively. Loapi uses the smartphone that it infects, among other things, as a mining option for cryptocurrencies, as an output for advertisements, for SMS campaigns, with a proxy module for DDos attacks and more. In addition, the Trojan protects itself from being uninstalled and can possibly destroy the infected smartphone by overloading it. A Really Dangerous Mobile Malware!

The Android Trojan Loapi uses admin rights to install modular malware,

Loapi malware exploits smartphones

Hidden in alleged antivirus apps or "adult apps" with porn content for Android, Loapi is installed on the smartphone. Of the Trojans obtains the administrator rights after query and consent of the user and then starts with its malicious program. The perfidy: it is a modular malware, so individual modules can be added by the hackers or removed from the software. According to Kaspersky [Current BSI warning about Kaspersky (15.03.2022/XNUMX/XNUMX): Read all the background here] currently these Loapi modules are known:

  • Adware module for aggressive advertising on the smartphone display
  • SMS module for SMS message actions
  • Web crawler module: User is secretly logged on to payment services. The SMS module hides messages, replies to them and then removes all traces
  • proxymodule for HTTP access to execute DDoS attacks
  • Monero mining module for creating the cryptocurrency Monero (XMR)
How malware works for Android smartphones (source: Kaspersky)
How malware works for Android smartphones (source: Kaspersky)
Loapi is said to be hidden in these apps - alleged antivirus software and adult programs with porn content. (Source: Kaspersky)
Loapi is said to be hidden in these apps - alleged antivirus software and adult programs with porn content. (Source: Kaspersky)

Trojans protect themselves against rights deprivation and deinstallation

Not that the various modules and their functions are bad enough, Loapi also protects itself against having administrator rights revoked. If the smartphone user starts a corresponding attempt, Loapi blocks the display and closes the window. It also gets an up-to-date list of anti-malware programs that could detect and remove it from its C&C (Command and Control) server. Will a corresponding App installed, the Trojan warns of alleged malware and offers to remove it. The installed antivirus program is simply removed. You can hardly ignore Loapi because the message is repeated again and again in a loop.

Android malware can destroy the battery and thus the smartphone

Due to the many different modules of the Trojan, which go about their criminal work in the background, as well as the constant messages in case you want to get rid of the malware, the smartphone can be used to such an extent that the battery heats up to the point of deforming. Nikita Buchka, security expert at Kaspersky Lab, explains the facts:

"Loapi is an interesting example of Android malware because the design of the Trojan allows almost any functionality. The reason for this is simple: the device only needs to be infected once and can then be used for a wide variety of malicious and fraudulent activities. Extremely surprising, however, is the fact that Loapi has the possibility of destroying the device. You wouldn't expect something like this even from a sophisticated Android Trojan."

Protection against Loapi and other malware

As protection against the new Android malware Loapi and viruses, Ransomware and other malware you should always have the current version of your operating system on your smartphone. Apple delivers new iOS versions as well as patches and fixes very quickly; with Android, the time of the update also depends on the device manufacturer and the network operator. In addition, you should only install apps from outside the official app stores on both Android and iOS in exceptional cases. There are also secure antivirus apps and anti-malware solutions there.

Code, sources and more

If you want more information about Loapi, its code and the individual procedures of the Android malware, then take a look at Securelist.com past. There the trojan known as the "Jack of all trades" is dismantled. In addition, domains are given that are known as sources for Loapi.

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.