Kaspersky Lab, the Russian based cyber security company, announced that the company’s cybersecurity experts have discovered an Android malware, which has the power to mine cryptocurrency.
Called as “jack of all trades”, this malware exploits the phone’s computing power to mine cryptocurrencies, flood contacts with text messaging spam, overwhelm the phone with ads, and more. In fact, after witnessing the phone warp, the researchers noted that "the only thing missing is user espionage," meaning the malware didn't spy on or monitor the phone owner's activities.
Kaspersky Lab, in a blog post, said, "Users pick up the Loapi Trojan by clicking on an ad banner and downloading a fake AV or adult-content app (the most likely vehicles for this Trojan)." The Trojan will then lock the screen if the user does not give it admin rights.
Trojan.AndroidOS.Loapi is hidden inside apps distributed through third-party markets, browser ads, and SMS-based spam.
Malicious software lurks most everywhere these days — even, at times, in the Google Play app store and Apple's App Store. Nowhere is truly safe, but the official app stores have a substantially more secure auto-approval process.
Over the past few months, a surge of sites and apps have been caught draining people's CPUs and electricity as they run resource-intensive cryptocurrency mining code. In a handful of cases, the apps or sites disclose what's happening, throttle down the mining, and ask users to participate as a form of payment. In the vast majority of cases, however, the mining is only discovered when users open monitors that track all processes or apps running on a device.