Researchers have discovered a new strain of transforming malware with the capability to physically destroy Android phones.
Kaspersky Labs staff say that the modular malware, called Loapi, can perform several tasks, including mining the Monero cryptocurency, filling the victim's device with adverts or taking part in DDoS attacks. It can also act as an SMS virus or a web crawler.
The worm is installed by disguising itself: either as an antivirus solution or an adult app. It gains permissions by spamming an infected device with notifications asking for privileges, until the user either gives up and hands over the rights knowingly or agrees by accident. It also checks for root permissions, and although it does not use them, this could be a possibility in the future.
Possibly due to poor optimisation, the malware uses up so much compute power that it causes the phone to overheat, damaging the battery.
Command & control servers are used to install additional modules, and also contain lists of apps that can attempt to limit the malware's activities. Loapi defends itself by flagging these apps as malware if they are already installed, driving the phone into a loop until the user removes them. It is also able to lock the screen and close the device manager.
Kaspersky security expert Nikita Buchka said, "Loapi is an interesting representative of the world of Android malware because its authors have embodied almost every feature possible into its design.
"The reason behind that is simple - it is much easier to compromise a device once and then to use it for different kinds of malicious activity aimed at earning illegal money. The surprisingly unexpected risk which this malware brings is that even though it can't cause direct financial damage to the user by stealing their credit card data, it can simply destroy the phone. This is not something you would expect from an Android Trojan, even a sophisticated one."
The easiest method of protecting yourself against Loapi is simple: don't install apps that don't come from Google Play.
Sophisticated mobile malware campaign could help hackers gain access to users' iPhones, warns McAfee
iPhone users tricked into installing open-source mobile device management software
Sailed through the uphill climb with a maximum speed of 75 mph
'Space sails' based on photonic materials funded by NASA's Innovative Advanced Concepts programme
HP Z Workstations include small form-factor Z2 Mini G4 with Nvidia Quadro or AMD Radeon Pro GPUs