Loapi! An Android malware that will physically hurt your device
Researchers at Kaspersky Lab have identified a family of modular Android malware dubbed "Loapi" which is capable of mining the Monero cryptocurrency, inundating users with advertisements, automatically subscribing the user to paid services, and participating in DDoS attacks, among other functions. It is a surreptitious cryptocurrency miner so aggressive that it can physically damage an infected phone.
The cryptocurrency mining module maintains a load high enough to cause physical damage: after two days on a test device, the phone overheated to the point that the battery bulged, as the above photo shows.
Trojan.AndroidOS.Loapi is hidden inside apps distributed through third-party markets, browser ads, and SMS-based spam. According to the researchers, the malware is distributed through advertising campaigns and is generally disguised as either an antivirus or a pornographic app.
Over the past few months, a surge of sites and apps have been caught draining people's CPUs and electricity as they run resource-intensive cryptocurrency mining code. In a handful of cases, the apps or sites disclose what's happening, throttle down the mining, and ask users to participate as a form of payment. In the vast majority of cases, however, the mining is only discovered when users open monitors that track all processes or apps running on a device.
After installation, the malware asks the user to grant administrator permissions in a loop until the permissions are granted. It also checks for, but does not use, root permissions; given the modular nature of the malware, however, root access could be used in the future.
Loapi can communicate with a number of command & control servers. From these servers it can load additional modules and receive lists of apps that may attempt to remove or limit the permissions granted to the malware. If any of these apps is installed, the malware flags the legitimate security app as malware and forces a loop prompting the user to remove the security app until the user acquiesces.
The malware also locks the screen and closes the device manager, warning the user that the phone data will be wiped.
Given the obstacles to removing the app on the phone itself, the best course of action is likely to uninstall it via adb. There is no indication that the malware has been distributed via Google Play. That said, installing mysterious apps from unknown sources is not advisable.
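The adb-based removal mentioned above, as an added helper script that is not part of the original article: it enumerates third-party packages and active device admins, then tries to deactivate the admin receiver before uninstalling, since an active device admin is what blocks a plain uninstall. The package and receiver names (com.example.evil, com.example.evil.AdminReceiver) are placeholders; the article does not give Loapi's.

```shell
#!/bin/sh
# Added example, not from the article: adb triage and removal helper for an
# Android app holding device-administrator rights. PKG and RECEIVER are
# placeholders (the article gives no Loapi package or receiver name); read
# them from the device with inspect_device first.
set -eu

# Run adb, or only print the command when DRY_RUN=1 so the plan can be
# reviewed before the device is touched.
adb_cmd() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'adb %s\n' "$*"
    else
        adb "$@"
    fi
}

# Enumerate third-party packages and active device admins; a sideloaded
# package that appears in both lists is the candidate to remove.
inspect_device() {
    adb_cmd shell pm list packages -3
    adb_cmd shell dumpsys device_policy
}

# Deactivate the admin receiver before uninstalling: an active device admin
# makes `adb uninstall` fail with DELETE_FAILED_DEVICE_POLICY_MANAGER.
# `dpm remove-active-admin` only succeeds for admins declaring
# android:testOnly; if it fails, deactivate the admin in Settings (safe
# mode stops the app from re-prompting) and rerun the uninstall step.
remove_admin_app() {
    pkg="$1"
    receiver="$2"   # fully qualified class, e.g. com.example.evil.AdminReceiver
    adb_cmd shell am force-stop "$pkg"
    adb_cmd shell dpm remove-active-admin "$pkg/$receiver" || true
    adb_cmd uninstall "$pkg"
}

# Usage: DRY_RUN=1 sh remove_admin_app.sh com.example.evil com.example.evil.AdminReceiver
if [ $# -eq 2 ]; then
    remove_admin_app "$1" "$2"
fi
```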