It isn’t the first time we’ve heard of malware that can be used in a modular fashion to wreak havoc on devices. Kaspersky Lab researchers have found a version of malware that downloads a cryptocurrency miner, which overloads the components of Android phones and essentially destroys them. Loapi, as it’s being called, is yet another evolution of malware that, like GozNym before it, uses a component structure to do what it wants to do. This one is a newer version of one found in 2015. It will do some of the same things, such as bypassing CAPTCHA verification, but can also do so much more.
What is the “more,” you may ask? It can inject adware, show ads in other installed apps, open URLs in the browser to show ads, download and install apps, launch distributed denial of service (DDoS) attacks, use the SMS function, and subscribe users to premium texting services.
Loapi will most certainly damage the device if it isn’t removed, but more importantly, try not to let it get on the device in the first place. It is hidden in third-party app stores as one of two things: mobile anti-virus or adult-themed apps. If you want to download apps, go to the official Google Play Store for them. While there is no guarantee you won’t find malware in there, the odds are lower than if you sideload apps from third-party locations.
Also, make sure to research apps before putting them on any device. Read the reviews, make sure the developer is reputable, and if an app doesn’t have many reviews, perhaps give it a little longer before downloading it. Let other early adopters figure out any problems first.
One way to tell that Loapi may be on your device is if you get constant popups asking for various rights, including administrator rights. Should you see any app asking for those, don’t let it wear you down. Administrator rights will rarely, if ever, be needed for any application you install. Pay attention to the access any app asks for, and if the app doesn’t need it, don’t grant it.
If Loapi manages to wear the user down with its barrage of popups, it will deactivate the administrator account and the device will need to be rebooted into Safe Mode to remove the malware. This procedure is different for each device, so contact technical support for help if necessary.