New drive-by cryptomining malware can physically damage a phone

midian182

Posts: 6,677   +59
Staff member

Drive-by cryptomining— a practice that uses the CPUs of website visitors to mine crytpocurrencies—has already been found in sites from the Pirate Bay, Showtime, and Politifact, and is gaining popularity. It was recently reported that some sites could utilize other people’s hardware in this way even after they closed their browsers. But a newly discovered piece of Android malware surreptitiously mines Monero so intensely that it can cause physical damage to a phone.

Researchers at Kaspersky Lab say Trojan.AndroidOS.Loapi is distributed through advertising campaigns, though it’s also found in third-party markets, browser ads, and SMS-based spam.

Once installed, the application, which usually comes disguised as an antivirus or porn app, requests device administrator privileges, asking for them in a loop until a user gives in to the harassment and finally agrees. It also checks for root permissions—something the malware could use in the future.

Mobile-based drive-by cryptomining isn’t the only nefarious action this malware performs. It also bombards users with ads, secretly subscribes them to paid services, participates in DDoS attacks, and send texts to any numbers. The sheer number of actions it can perform has led Kaspersky to name it a “jack of all trades.”

But the worst aspect of Loapi is the way it uses handsets to mine Monero. After just two days of exploiting a phone’s electricity and hardware, researchers found the constant load had caused the device’s battery to bulge and deform the cover.

“We've never seen such a 'jack of all trades' before,” said Kaspersky Lab’s researchers. “The only thing missing is user espionage, but the modular architecture of this Trojan means it's possible to add this sort of functionality at any time.”

As always, the best way to avoid Loapi is to avoid downloading suspicious apps from untrusted sources. It sounds obvious, but plenty of people still do it.

Permalink to story.

 
J

Jamlad

If the battery is bulging after a two day load then that's a HW design issue.
 

Kashim

Posts: 160   +148
If the battery is bulging after a two day load then that's a HW design issue.
Not really. No phone or phone battery was designed for non-stop full load usage for days at a time. It's like running your toaster 24 hours a day instead of 5 minutes at a time, and then complaining it's a hardware fault when it burns out.
 

VitalyT

Posts: 5,498   +5,102
Researchers at Kaspersky Lab say Trojan.AndroidOS.Loapi is distributed through advertising campaigns

Political campaigns by any chance? That would explain why the US shut Kaspersky down across the country :)

They are too efficient, knowledgeable, and happen to be the best anti-virus, which doesn't work well for the government that likes its folks to stay dumb and browser-invaded :)
 

beachbowi

Posts: 15   +8
Researchers at Kaspersky Lab say Trojan.AndroidOS.Loapi is distributed through advertising campaigns.
Political campaigns by any chance? That would explain why the US shut Kaspersky down across the country :)


No, they shut down Kaspersky in the U.S. because they were an agent of the Russian Kremlin. If you knew this and still made your comment, then you are likely little more than a Russian shill.
 

bexwhitt

Posts: 528   +218
Researchers at Kaspersky Lab say Trojan.AndroidOS.Loapi is distributed through advertising campaigns

Political campaigns by any chance? That would explain why the US shut Kaspersky down across the country :)

They are too efficient, knowledgeable, and happen to be the best anti-virus, which doesn't work well for the government that likes its folks to stay dumb and browser-invaded :)

only USA government shills are OK Russian ones are bad
 

beachbowi

Posts: 15   +8
The owner of Kaspersky Labs has close ties with Russian leader, Putin. If you are a responsible U.S. government official, you would have to be a complete id!ot (not there aren't enough of those) to run a Russian application that weaves itself into every corner of your computer operating system with network access to other government agencies. The fact that Kaspersky wasn't shut down sooner is what amazes me.
 

tipstir

Posts: 2,854   +200
Block apps from calling home (no app should be using your cell phone to make calls) Block outside access. Disable notifications. Use Adblocker Browser for Android for ads to be block. Just don't download trashy poorly develop apps that steal your life away. Cell phones are made to be use 24/7. Your carrying your life with you always. Press send to make contact and Press end to sleep.. Pest will make your life a living hell.
 

cliffordcooley

Posts: 12,696   +6,056
Someone needs to learn that 20% increase in production, which leads to 40% loss of hardware, does not equate to maximum gains.
 
If the battery is bulging after a two day load then that's a HW design issue.
Not really. No phone or phone battery was designed for non-stop full load usage for days at a time. It's like running your toaster 24 hours a day instead of 5 minutes at a time, and then complaining it's a hardware fault when it burns out.
Every normal phone nowdays has HW sensors, that should monitor temp overloading and throttle CPU down.