GaryQ

MVP
Member
THIS IS REALLY NASTY MALWARE!

Currency-mining Android malware is so aggressive it can physically harm phones

This is your phone on mining software. Any questions?
Dan Goodin - 12/19/2017, 2:40 PM

damagedphone800x526-1.jpg

A newly discovered piece of Android malware carries out a litany of malicious activities, including showing an almost unending series of ads, participating in distributed denial-of-service attacks, sending text messages to any number, and silently subscribing to paid services. Its biggest offense: a surreptitious cryptocurrency miner that's so aggressive it can physically damage an infected phone.

Trojan.AndroidOS.Loapi is hidden inside apps distributed through third-party markets, browser ads, and SMS-based spam. Researchers from antivirus provider Kaspersky Lab have dubbed it a "jack of all trades" to emphasize the breadth of nefarious things it can do. Most notably, Loapi apps contain a module that mines Monero, a newer type of digital currency that's less resource intensive than Bitcoin and most other cryptocurrencies. The module allows the malware creators to generate new coins by leeching the electricity and hardware of infected phone owners.

But the lower demands of Monero mining by no means stop Loapi from straining infected phones. Kaspersky Lab researchers tested Loapi in a lab setting. After two days, the mining caused the battery in the phone to bulge so badly it deformed the cover. The researchers provided the pictures above as evidence.

Drive-by currency mining on the rise
Over the past few months, a surge of sites and apps have been caught draining people's CPUs and electricity as they run resource-intensive cryptocurrency mining code. In a handful of cases, the apps or sites disclose what's happening, throttle down the mining, and ask users to participate as a form of payment. In the vast majority of cases, however, the mining is only discovered when users open monitors that track all processes or apps running on a device.

On Tuesday, officials at AV provider Sophos formally labeled all cryptocurrency mining without user consent as parasitic.

Loapi is a nuisance in other ways that go beyond covert coin mining. It sends an unending barrage of prompts for users to assign it administrator permissions. Once granted permission, Loapi makes it hard for victims to install security apps that can help disinfect the phone. It can subscribe a phone to costly premium services and even covertly send codes in SMS messages to confirm the request. It allows attackers to use infected phones as foot soldiers in DDoS attacks. And it displays a constant stream of ads. There are no indications Loapi apps have ever been available through Google Play.

"We've never seen such a 'jack of all trades' before," Kaspersky Lab researchers wrote. Later in the post, they added: "The only thing missing is user espionage, but the modular architecture of this Trojan means it's possible to add this sort of functionality at any time."

Source article: Currency-mining Android malware is so aggressive it can physically harm phones
 

David Baxter PhD

Late Founder
Antivirus utilities are already addressing the issue for PCs and laptops as well, as websites become infected and try to drop drive-by trojans on your systems. Windows Defender in Windows 10 already scans for known mining malware.
 

David Baxter PhD

Late Founder
The Cryptocurrency Mining Malware So Powerful It Deformed A Phone
By Alfredo Carpineti, IFLScience.com
20 Dec 2017

A group of Russian security researchers working at the Kaspersky Lab have analyzed a piece of malware that can hijack a person's phone and perform a wide range of malicious activities, among which is cryptocurrency mining. The software is so powerful that the constant load caused the battery in a test device to bulge after just two days.

The malware, known as Trojan.AndroidOS.Loapi, has been described as a "jack of all trades". Beyond the crypto-mining, it also bombards users with ads, can launch Distributed Denial of Service (DDoS) campaigns, subscribes the user to paid SMS services, and even fights off attempts to remove it.

The malware affects Android phones and once "malicious" files are downloaded, it redirects the phone's owner to the attackers' web resource, found to be disguised as antivirus software and adult content sites. Having invaded your phone, it pesters you until you give it admin privileges, which allows the malware to do whatever it wants.

The software is not just hellbent on taking over phones and annoying users as much as possible, it is also a nuisance to get rid of. Attempts at revoking access privileges result in the termination of the device manager app and a lock screen, with the malware posting "Phone data will wiped [sic]. Are you sure?" to scare people off. It also detects the installation and launch of antivirus software (from a constantly updating list) and will claim the antivirus is the real malware if launched.

"Loapi is an interesting representative from the world of malicious Android apps," the researchers at Kaspersky wrote in their detailed analysis of Loapi. "Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device. The only thing missing is user espionage, but the modular architecture of this Trojan means it's possible to add this sort of functionality at any time."

If your device is infected, it might be extremely frustrating, but the malware can be fought off. However, it will probably be necessary to wipe your phone and reset it to factory settings. But it's better to start from scratch than have a melted phone, right?
 