Kaspersky Lab has identified a new computer virus called Loapi which masquerades as anti-virus or adult-content apps in order to entice Android device owners into downloading it.
After being installed, however, Loapi starts incessantly bombarding the user with requests to grant it administrator rights until he or she relents.
Once it is firmly in control, Loapi starts exploiting the infected device in earnest.
The program can spam the smartphone owner with unwanted ads; stealthily sign him up for various paid services and subscriptions (Loapi even sends text messages required to confirm such actions and immediately deletes both incoming and outgoing messages related to this activity); use the infected device to perform DDoS attacks against targets designated by the person in control of the malware; mine Monero cryptocurrency tokens; and, last but not least, the program is capable of downloading new modules in response to remote commands issued by its creator, potentially transforming itself into other types of malware like ransomware or spyware.
Also, while engaging in cryptocurrency mining the program mercilessly exploits the hijacked device, forcing it to operate at maximum capacity and possibly causing it to expire due to overheating. For example, during an experiment performed by Kaspersky Lab specialists, the battery of a test smartphone "overcooked" 48 hours after the device was infected by Loapi.
According to Kaspersky Lab experts, the best way to protect your smartphone from this new threat is to avoid installing apps you don’t really need, only get your apps from official stores, disable the installation of apps from unknown sources and, of course, use reliable anti-virus software.