Skip to content

Loapi Android malware mines cryptocurrency and damages phones

Researchers at Kaspersky Lab have discovered a new Trojan malware which misuses Android smartphones. Dubbed as Loapi, the malware has some very serious consequences on affected Android phones including unwanted ads and physical damage due to overheating.

The Loapi malware is found in ad banners or in fake Anti-Virus apps. Kaspersky Lab writes, “Users pick up the Loapi Trojan by clicking on an ad banner and downloading a fake AV or adult-content app (the most likely vehicles for this Trojan).” The malware after being installed sends multiple notifications and even locks the screen if the user does not give it admin rights.

How does Loapi malware operate and its effects

As mentioned, when users click on an ad banner or downloading a fake Anti-Virus or adult-content, the malware sends pop-up notifications. After being installed through such apps, Loapi demands admin rights and it doesn’t even take no. It sends notification after notification on the screen until the user finally has to tap OK.

Loapi can be hidden in these apps (Source: Kaspersky)

Further, if the users try to deny the admin rights, Loapi locks the screen and even closes the settings window. If users download a genuine antivirus, the malware declares them as malware and demands their removal.

Apart from the aforementioned issues, the Loapi Android malware can also cause the following problems.

Unwanted Ads

Loapi continuously fills the infected smartphone with banners and video ads. Further, the module of the Trojan can also download and install other apps, or visit links, and open pages on Facebook and Instagram to drive up various ratings.

Paid subscriptions

Another effect of the Loapi malware is that it can lead users to paid services. Such subscriptions usually need to be confirmed by SMS but another special module of the malware sends a text message to the required number secretly and deletes all messages immediately to prevent the user from noticing them.


Battery Overheat (Source: Kaspersky)

Loapi also uses smartphones to mine Monero tokens. The mining activity can overheat your device because of the extended operation of the processor at maximum load. In their research, Kaspersky members find the battery of the test smartphone overcooked 48 hours after it was infected.

Downloading new modules

Apart from that, with the help of command from a remote center, the malware can also download new modules. So, its creators can develop even more malware and one day it might transform into ransomware, spyware, or a banking Trojan.

How to protect yourself from the Loapi malware

In order to protect yourself the malware, you can follow some very simple rules.

First of all, install apps only on official sites and Google Play Store. Google has a dedicated team responsible for spotting apps with malware. Also, Trojans can hardly infiltrate into official stores.

Moreover, make sure you have disabled the installation of apps from unknown sources. Go to Settings->Security and ensure that the Unknown sources checkbox is not selected.