A new Trojan, described to be capable of doing anything due to its nature, has been discovered lurking in the Android mobile operating system. Loapi Trojan is not called "jack-of-all-trades" for nothing.
Like most malicious programs, Loapi "relentlessly plagues the owner of the infected smartphone with banner and video ads", according to cybersecurity firm Kaspersky Labs. It can also download apps, visit links or open pages on Facebook, Instagram and Russian social network VKontakte to drive up ratings. However, this Trojan can do so much more than that; worst possible experience is that it could steal money from your credit cards.
How Loapi Trojan works
Loapi is modular in nature, making it capable of switching functions at a remote server's command. It can automatically download and install add-ons it needs to fulfil its purpose. There are a couple of activities Loapi can perform on your Android device; one of them is the involuntary signing of paid subscriptions.
While paid subscriptions usually have to be confirmed via email or SMS, this Trojan uses a special module that secretly sends a text message to the required number. Any outgoing and incoming messages will then be removed.
Also read: 2017 Worst Passwords List
DDoS (Distributed Denial of Service) attacks against web sources is another destructive activity it does. Hackers behind this malicious program can have a full control of your phone using a built-in proxy server and send HTTP requests from the impacted device.
Loapi is also capable of mining a virtual currency, specifically Monero coins. Mining activities can overheat less capable smartphones and it could overcook it within 48 hours of infection.
The most alarming of all is that Loapi is capable of camouflaging to any forms of cyber theft. Kaspersky Labs writes: "It might transform into ransomware, spyware, or a banking Trojan."
How to protect yourself
Considering the potential damage it may inflict on you, precautionary measures should be observed among Android device owners by all means. Kaspersky Labs has recommended installing only apps from the Play Store and avoid those that are from unknown sources.
Read the full report here.