Most Android malware is at best annoying, but rarely does it cause physical damage to a phone.
Not so with Loapi, a newly-discovered trojan with a cryptocurrency miner that worked a phone so hard its battery swelled up and burst open the device's back cover.
Kaspersky Lab researchers found the malware lurking in about 20 bogus apps. The researchers decided to infect an Android phone with the malware, which wrecked the phone within 48 hours.
Cryptocurrency miners are known to cause wear and tear on hardware by using a CPU to solve a cryptographic challenge. This generates a hash that earns the miner a cryptocurrency reward, which in this case goes to Loapi's makers, rather than the device's rightful owner.
Loapi uses Android phones to mine the bitcoin-alternative Monero. It's not the first Android malware to attempt this, but it's unusual for a miner to cause this much damage in such a short time.
Besides mining, Loapi has several other capabilities that earn its makers money at the expense of a victim's phone and bandwidth.
Kaspersky researchers say they've never seen such a "jack of all trades" piece of Android malware before. Loapi also bombards victims with endless ads, can use the device to launch a distributed denial-of-service attack, can send SMS messages to any number, and subscribe to paid-for services on behalf of the victim.
"Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," Kaspersky said.
The malware has a self-defense feature that enables it to reach a command-and-control server for a list of apps that that could detect it, such as legitimate antivirus apps. If a targeted security app is launched, the malware displays a "malware detected" alert and asks if the user wants to uninstall it. In fact, the victim has little choice but to agree to uninstall the app as the message is shown in a loop that won't disappear until give in.
Loapi has several modules that work together to earn its creators money. The web crawling module works with the advertising module to open URLs and display ads. Kaspersky's test found it opened a massive 28,000 URLs in 24 hours. This was the other major source of damage to the battery.
Android apps with hidden coin miners have been showing up with greater frequency, including in apps distributed on Google Play.
Expect to see more miners silently chewing up CPU resources through your browser.
Stealthy and persistent cryptocurrency-mining malware is hitting Windows machines.
Read more on Android malware
- Android security: Sneaky three-stage malware found in Google Play store
- BankBot Android malware sneaks into the Google Play Store - for the third time
- From Pokémon Go to a botnet: FalseGuide malware infects 600,000 Androids
- This bank data stealing Android malware is back - and it's now even sneakier
- Android malware in Google Play racked up 4.2M downloads: Are you a victim?
- New Google Play Store malware highlights disturbing trend of multi-stage Android attacks (TechRepublic)
- Google purges malicious Android apps with millions of downloads (CNET)