Kaspersky Labs have just reported the discovery of a new Android trojan malware in a cryptocurrency mining app. This is said to be using Android-powered phones to mine Monero tokens (a kind of cryptocurrency); an activity tha called Loapi. The primary function of this app is mining cryptocurrency. But far from that, the app is also capable of injecting ads into your smartphone and perform other DDoS attacks.
Now how do you get affected by Loapi? According to Kaspersky, Android users get affected by the Loapi Trojan by clicking on an ad banner and downloading a fake AV or adult-content app, and once the new downloaded app is installed, it begins demanding administrative rights by throwing notification after notification until the user grants it.
The biggest harm of the Loapi Trojan is that it uses Android smartphones to mine Monero tokens which overheats your device and damages your phone’s internals. According to Kaspersky:
Kaspersky Labs says “During our research, the battery of the test smartphone overcooked 48 hours after the device was infected.” Apart from mining, Loapi can also affect your phone with unwanted banner and video ads and can also download and install other apps, visit links, and open pages in Facebook, Instagram, and VKontakte — apparently to drive up various ratings.
Not stopping there, the Trojan can also sign up users for paid services and secretly sends text messages to mobile numbers confirming the authenticity of the paid subscription. It is even capable of deleting incoming and outgoing messages from the phone.
Kaspersky Labs suggests users Install apps only from official stores and disable all system settings like install from an unknown source that may be used against the phone. Additionally, the company also advised to install a reliable and proven AV for Android and regularly scan your device with it.