‘Versatile Android malware has Monero miner on board’
Researchers at security company Kaspersky have discovered Android malware that has a Monero miner on board. The malware can also perform other functions, such as showing ads and carrying out DDoS attacks.
According to Kaspersky, the malware has a modular design that allows it to be used for various purposes. The malware is distributed outside the Play Store and poses as security or porn apps. The miner module generates revenue in the form of the cryptocurrency Monero for the criminals behind the malware. Kaspersky calls the malware Loapi.
Kaspersky installed the malware on a test device for analysis and claims that the battery began to swell after two days due to the constant activity of the miner. That’s not to say that the malware will damage every phone, but it will at least affect battery life. Monero is suitable for mining with a CPU, but a phone will most likely not generate much income. Kaspersky makes no statements about this.
The malware asks for administrator rights after installing one of the malicious apps. This happens repeatedly, until the user grants them. The malware also asks for root access, but does not use that access in the current version. Loapi is also able to close the active window if the user tries to revoke the permissions of the app.
One of the main functions of the app is to aggressively display advertisements on an infected smartphone. There is also a web crawler to register victims with various WAP payment services. According to Kaspersky, the malware shares similarities with the so-called Podec malware, which was active in 2015.