There's a new malware circulating across Android devices that could literally inflict physical damage on the device it's on rather than just mess with the software.
This newly discovered malware executes a number of malicious behaviors, including displaying a near-endless spate of ads, participating in DDoS attacks, sending messages to random numbers, and subscribing to paid services without the user knowing.
"Malicious files are downloaded after the user is redirected to the attackers' malicious web resource. We found more than 20 such resources, whose domains refer to popular antivirus solutions and even a famous porn site," wrote Kaspersky Lab in a blog post.
Loapi Malware Mines Cryptocurrency
Its most appalling activity? Mining for cryptocurrency. It's so appalling because it runs so aggressively that it can fry a phone's internals. Malware and other types of viruses rarely cause physical strain on devices they affect, but this one is so malicious and power-intensive that it can melt a phone.
The malware called Trojan.AndroidOS.Loapi hides inside apps downloaded from third-party app stores, browser ads, or spam messages sent via SMS. Kaspersky Lab called it a "jack of all trades" because it can execute so many malicious behaviors. Most concerning is the fact that Loapi apps have a module that mines Monero, a cryptocurrency that's apparently less intensive than Bitcoin, as Ars Technica notes.
Loapi Malware: How It Works
It works by hijacking the device's processor and using the computing power to mine Monero. Needless to say that to be able to do this, it needs significant amounts of processing power. A test phone was used to study the malware, and it broke it just two days after initial infection.
"Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," wrote Kaspersky.
Loapi is just part of the growing trend among cyber criminals to take advantage of computers and smartphones to mine for cryptocurrency, especially since its value has increased tremendously in recent years.
Over the past few months, a roster of apps and websites have been discovered to be draining people's CPUs and electricity as they use intensive resources to run cryptocurrency mining codes.
The Loapi malware might perhaps be the first cryptocurrency-mining code to cause severe physical damage to a device when it's running. Not only does this speak volumes about the lengths some individuals will go to harvest cryptocurrency, but it also highlights that malware can be a physical hazard to owners whose phones have been infected with it.