New Android crypto mining malware can destroy devices

Tuesday, December 19, 2017 By

A new modular strain of Android malware can not only carry out malicious actions, it can even destroy the handset...


A new malware variant targeting Android smartphones will actually destroy the device physically, in an unusually aggressive strategy.

The malware, called Loapi, installs a Monero miner that - if left to run unhindered - will ramp up the phone’s CPU usage until the battery overheats or worse.

Discovered and documented by Kaspersky Labs, the researchers installed Loapi on a test handset, stating: “Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover.”

New Android crypto mining malware can destroy devices

The malware appears to have been evolved from Podec, a malware strain spotted in 2015, but has a complicated modular architecture, designed to carry out a range of malicious activities. These include mining the Monero (XMR) cryptocurrency, pestering users with constant ads, as well as being able to launch DDoS attacks from the infected device. “We’ve never seen such a ‘jack of all trades’ before” said the researchers.

Loapi communicates with these module-specific command and control servers:

  • ronesio.xyz (advertisement module);
  • api-profit.com:5210 (SMS module and mining module);
  • mnfioew.info (web crawler); and
  • mp-app.info (proxy module)

Loapi obtains device administrator rights by the simple yet effective technique of bombarding users with popups until they do what the malware wants. This strategy also serves to uninstall genuine AV software on the handset too. Users will need to boot their phones into safe mode to uninstall Loapi, as the malware also closes the Settings window whenever it detects that a user is trying to deactivate its administrator account.

Ilia Kolochenko, CEO, High-Tech Bridge pointed out that mobile devices often contain the most sensitive data of all devices: “Compromised mobile phones are even more critical than a personal computer or account on a website. Users tend to store huge amount of personal and very sensitive data on their mobile devices, including their photos, financial information, passwords for dating and health apps, access codes for the offices, and even strictly confidential data of their employers.

A compromised mobile device can lead to irreparable harm in terms of financial and reputational damage. Users were reluctant to update their Windows XP machines fifteen years ago, now their demonstrate the same carelessness towards their mobile phones. If nothing changes – cybercriminals will skyrocket their illicit income from ransomware, blackmailing, and data theft affecting mobile phones. Continuously keeping your mobile phone up2date, avoid jailbreak (iPhone) and rooted (Android) device, prudence when installing new apps – these simple precautions can prevent 99% of attacks against your mobile crown jewels.

In recognition of the rising threat of compromised applications, High-Tech Bridge has launched a free online service “Mobile X-Ray” to test mobile application security and privacy. It detects the most common weaknesses and vulnerabilities, including OWASP Mobile Top Ten, and provides a user-friendly report with remediation guidance. So far, just under 12,000 apps have been tested, and even the most secure of the leader board to date have more than one medium risk vulnerability.

Data storage issues and poor cryptography implementation are common errors - there is still plenty of work to be done on the basics!


Mark Mayne has covered the security industry for more than 15 years, editing news for SC Magazine and editing SecurityVibes UK. Mark has a background in national news journalism and tech reporting, and has run b2b and b2c editorial sites.

User Comments
Add Comment

High-Tech Bridge on Facebook High-Tech Bridge on Twitter High-Tech Bridge on LinkedIn High-Tech Bridge RSS Feeds Send by Email
Share