mobile-phone-2510529_1280
Broken phone. Pixabay

A mischievous type of Android malware, dubbed Loapi, has been discovered by Kaspersky Lab researchers. Whereas other mobile trojans can be compared to a spatula, this new type of malware is a multipurpose jackknife. Once infected, the device is placed under extreme stress that can prove fatal to the hardware.

Referred to as a “jack of all trades” by the researchers, Loapi is capable of subscribing the user to paid services, sending text messages, forcing ads on the phone, mining cryptocurrencies and more. Writing for the Kaspersky blog, the investigators found that the malware is downloaded as soon as the device is redirected to multiple web resources disguised as antivirus software and adult content sites.

The malicious app then pressures the user into providing it with device admin permissions. As soon as it gains privileges, it then hides its icon from the menu. Its self-protecting mechanism works by brute force. If the user attempts to revoke permissions, the malware “locks the screen and closes the window with device manager settings,” according to the Kaspersky blog.

As soon as it downloads modules, Loapi begins its dirty work. First is the ad module, which displays advertisements such as video banners and notifications. It can open URLs of social media pages such as Facebook and Instagram. Worse, it can download other applications to allegedly boost the owners’ ratings.

Next is the SMS module attack, in which the device is used to send SMS messages to a server. While doing so, the web crawling module may work in the background to secretly subscribe to services the user doesn’t intend to. “Sometimes mobile operators send a text message asking for confirmation of a subscription,” Kaspersky wrote. “In such cases the Trojan uses SMS module functionality to send a reply with the required text.”

Arguably the most lethal attack involves the mining module, which forces the device to mine Monero cryptocurrency. It does so in the most unforgiving manner, that when Kaspersky tested the malware on their phone, “the battery bulged and deformed the phone cover.”

The news of Loapi comes a month after malicious apps were discovered in Google Play. ESET, which detected the malware, exposed a multi-stage trojan able to embezzle users for details such as credit card accounts.