A new scary Android virus has been identified – its name Loapi! The online world is full of all sorts of malicious programs that can cause a variety of problems for the users of the devices infected by them.
With the growing popularity of smart-tech devices such as smartphones and tablets, hackers have also started to set their sights towards the mobile world of technology. There are already a great number of malicious viruses that have been specifically designed to infect smartphones and tablets causing various forms of unpleasantness and cyber-damage. However, most such malicious software applications have a specific purpose and use and can’t really go beyond what they have been programmed to do. There are banking Trojans that are used to extort money from their victims, there are Ransomware viruses that lock the screen or the files of the user and demand a ransom payment for the restoration of the access and there are various other hijacking and ad-generating unwanted and potentially harmful applications that can infect one’s smart device. We won’t go into any more detail regarding the various types of smartphone malware but you got the point – most such viruses have a single purpose and they stick to it. However, the same cannot be said regarding this new and highly-dangerous piece of malware for Android that goes under the name of Loapi – a Trojan Horse threat that can take all sorts of liberties with your device and even modify itself in order to expand the possible ways in which it can cause its harm.
What’s special about Loapi?
Think of Loapi as a multi-functional malware tool that the hackers behind it can use for a number of different illegal and harmful operations. Instead of serving one single purpose, this malware can change and “evolve” depending on what its creator really wants. So far, there have been four different ways in which Loapi can function once the targeted device has been infected.
- Unwanted subscriptions – This virus is capable of automatically subscribing to paid services without the user’s agreement (or knowledge). Typically, the services would require SMS payment but the Trojan has that covered too – it would also automatically send the needed payment in the form of SMS without you even knowing about that. After the payment is made, the malware would delete the messages so that the chances of the victim finding out about it are decreased.
- Ads and Hijacking – This Trojan could also function as a highly-aggressive version of an Adware or a Browser/Internet Hijacker app. It can display unpleasant and intrusive ads and banners onto the user’s screen, open random sponsored links and web locations and even download other undesirable apps without being given a permission from the user.
- Cryptocurrency mining – Taking over users’ devices and using their system resources to mine for a certain cryptocurrency is becoming increasingly popular among hackers and the creators of Loapi are no exception as this virus can also force the infected device to its processor for Monero mining. Due to this, the device could become pretty much unusable due to heavy consumption of processor time leading to a severe slow-down and fast battery drainage.
- DDoS – In addition to the previous functions of Loapi that we mentioned above, we must also say that this virus can take over your Android device and use it in DDoS attacks. What this means is that the Trojan would force all devices infected by it to create an overwhelming amounts of traffic towards a certain site or web service which would lead to the crashing or malfunction of its servers.
Loapi can evolve!
One other interesting thing about this particular piece of Trojan malware is that it can adapt and modify itself in order to expand the possible functions and tasks that it could get used to complete. Loapi has been reported to be able to download new modules making it technically possible for this virus to turn into a Ransomware, a banking Trojan, a Spyware virus or some other malicious type of software. It all really depends on what the cyber-criminal behind it wants to use it for.
How does the malware get distributed and how does it infect your device?
Most such malicious pieces of software get distributed as something that’s seemingly harmless. For example, this particular Trojan virus tends to get spread disguised as some application that the user might find useful or interesting. So far, we have received information that the most common disguise that Loapi uses is when it presents itself as an antivirus application or as an adult app. Oftentimes its could be difficult to realize that it is actually a virus since some of the icons this Trojan uses are very similar to the icons of actual antivirus applications so it’s easy to get mistaken. Alternatively, the malware could also get spread through misleading and fake malvertising banners and pop-ups that one could encounter when visiting questionable and/or illegal sites with shady reputation.
Once the malware app gets installed onto the targeted device, it would start popping-up a request for Administrator privileges. Even if the user denies the request at first, Loapi would continue to nag its victim with the pop-up request until the user gives in and allows the Trojan to gain Administrator rights. Once this happens, the actual stage of the infection begins during which the malware would carry out its functions that we already mentioned above. One interesting thing to mention here is that in case the user gets suspicious and tries to download a legitimate antivirus app the Trojan would target that app by displaying yet another pop-up claiming that the new antivirus is actually a malicious virus and offering to remove it. Again, the removal request pop-up would continue to get displayed until the user finally agrees to have the new AV uninstalled.
How to stay safe
As we already mentioned, Loapi uses shady apps and malvertising methods to get distributed to more devices. Because of this, you will need to be very careful when downloading and installing any new software on your Android device. Also, do not go to any questionable and suspicious-looking web addresses as those are one of the most common places where you can encounter malicious and potentially dangerous content such as fake and harmful ads and banners, unwanted downloads, fake online requests, etc. Also, getting an actual antivirus that you can trust and that is reliable is another good idea that will help you maintain a safe and secure Android device.