Kaspersky Labs reports a dangerous malware called Loapi, which, among other things, can mine Monero through our smartphone and cause physical damage to the terminal.

We have commented on several occasions that mining cryptocurrencies is a problem for computer users and that it is not advisable to mine them with a smartphone, because we risk destroying our terminal. Well, Kaspersky Labs researchers have detected a new, very dangerous malware for Android called Loapi, which is intended to mine Monero on our smartphone. This malware also has the properties of saturating our ad terminal, making automatic subscriptions to payment services even if we don't want to, and being used to launch DDoS attacks, among others.

The mining part is the most problematic, since it raises the terminal load to a point that ends up causing physical damage to our device. After two days, as seen in the picture, it ends up causing noticeable damage, causing the battery to sag due to overheating. The researchers emphasize that this malware is distributed through advertising campaigns and that it is usually disguised as an antivirus or pornography application. If the infected application is installed, it constantly requests administrator permissions in a loop until those permissions are granted. It does a root permissions check, but does not use it, although it could be used in the future due to the modular feature of the malicious software.

This Loapi malware has the ability to communicate with various command and control servers. What these servers can do is load additional modules or receive a list with the applications that we have installed and that could limit or eliminate the permissions that this malware wants. If these applications exist, the malware focuses its attack on the legitimate security application and loops for the user to remove it from their terminal, until they agree to remove it. This malware also locks the screen and closes the device manager, warning the user that the data on the phone will be erased.

There is no indication that this malware is distributed from the Google Play Store, but as always, it is advisable not to install applications from unknown users or third-party websites, since we do not know what we can find.

Source: Kaspersky Lab