Brian Jackson - Fotolia

Trojan.AndroidOS.Loapi: What is this jack-of-all-trades malware?

Kaspersky researchers found a new Android malware that can physically harm phones. Learn how this works and the steps to mitigate the attack with expert Nick Lewis.

A new type of Android malware was discovered recently after it physically harmed a phone. Researchers from Kaspersky Lab are calling it a jack-of-all-trades because it can perform a variety of malicious activities. What are these activities, and what steps can users take to avoid this type of attack?

Cyberattacks that cause unintended physical damage to devices are less common than typical cyberattacks, and they are often detected only as a result of that damage. For standard functionality, cyberattacks use well-known software development best practices, such as using modular development and incorporating known working libraries, as this lowers the development costs and can maximize profits for the attacker.

Kaspersky Lab found a piece of malware -- named Trojan.AndroidOS.Loapi -- that meets that criteria and is considered a jack-of-all-trades for its diverse functionality.

Trojan.AndroidOS.Loapi malware has a modular architecture and, after two days of analysis, caused a phone to overheat and the phone cover to deform. Unlike when a Samsung Galaxy Note 7 previously caught fire, if your phone or laptop overheats, there is probably suspicious activity occurring that you should investigate.

For example, Trojan.AndroidOS.Loapi has modules for displaying ads, sending SMS messages, web crawling to subscribe the user to for-fee services, a proxy module to turn the device into a web proxy and the ability to mine Monero. The SMS module has several uses as a part of the command-and-control connection and spreads the malware along with generic capabilities to use SMS messages.

Kaspersky reports that the malware is installed by opening malicious URLs to install apps from SMS messages and through advertising campaigns. Because the malware isn't distributed through the Google Play Store, you can prevent infection by only installing apps from the Play Store. In addition, an endpoint security tool may help stop malicious applications.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Dig Deeper on Application and platform security

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close