Android malware
Ad-displaying malware apps got into the Google Play Store through links promoted on Facebook Pages. Blogtrepreneur/Flickr

A new strain of malware known as Loapi has been discovered on Android devices. While some malware has been known to destroy files, this brand of virus can do actual damage to the physical phone it has infected.

First spotted by security researchers at the Russia-based cybersecurity firm Kaspersky Lab, Loapi is capable of overworking an infected device’s hardware, resulting in the Android-powered phone or tablet suffering physical damage.

Loapi inflicts its harm by downloading a cryptocurrency miner that will generate the digital token Monero. The miner uses the device’s processing power to solve complex equations and verify transactions, which in turn earns the attackers Monero.

There are plenty of instances of a similar style of attack, in which a hidden cryptocurrency miner uses an unsuspecting person’s computing power to generate income. The attacks are known as cryptojacking and have become a relatively common problem online.

The difference between those attacks and the one carried out by the Loapi malware is Loapi will literally work a machine until it is unable to function. The malware will mine of Monero until the infected phone or tablet begins to overheat. That can cause the battery on the device to enlarge and bulge of out its casing. It can also deform the phone’s cover and potentially produce more damage.

In addition to mining for Monero, Loapi can also inject malicious advertisements in the web browser, notification area and even in other apps. It’s capable of downloading other apps without the user’s permission and interacting with the phone’s SMS function to sign the victim up for premium texting services that cost money.

Loapi is even capable of using the infected device as a bot in a denial of service attack, in which thousands of hijacked devices are used to direct web traffic at a single source in order to knock it offline or make it inaccessible to others.

Because of the malware’s flexibility, the malware has been dubbed the “jack of all trades” by Kaspersky. Its multiple means of attack also make it particularly dangerous for victims who unwittingly download the malware, as it can do financial and physical damage.

According to researchers, Loapi is currently found primarily on third-party app stores that have not been endorsed or approved by Google. It is often disguised as an adult-themed app or, ironically as a mobile antivirus.

Once installed on a device, Loapi begins to annoy the victim with an endless stream of pop up notifications asking the victim to grant administrator privileges on the device. The popups don’t stop until the user agrees.

After being granted administrator rights, Loapi begins to hijack the device. In order to make sure it isn’t undermined, the malware encourages victims to uninstall actual antivirus software on the device that may discover its true purpose. It also notes when the user attempts to open the Settings app to deactivate the administrator account and closes the window before the victim can revoke the privileges.

For those unfortunate enough to be infected by Loapi, the only way to remove the malware to reboot the device in Safe Mode and change the settings to remove administrative privileges and remove the infected app. In Safe Mode, third-party apps cannot operate.