
Parasitic Android Malware – Loapi

A newly discovered Android malware called Loapi, which has been dubbed the “jack of all trades” to emphasize its versatility, is, among other things, a cryptocurrency miner for the digital currency Monero.

Loapi is distributed through malicious third-party applications and most often poses as fake antivirus software. Once installed, it attempts to take control of your phone. A lot of computing power is required to create coins, and devices are essentially hijacked once a user grants permission as part of the application install process. The phone battery will eventually begin to overheat and expand, popping out the phone’s internal components. Additionally, this malware has been shown to subscribe to paid services, display an unending series of ads, and participate in distributed denial of service attacks via text messaging. Loapi also sends prompts to the user seeking assignment of administrator privileges. Once these privileges are granted, it then becomes difficult for users to install security applications.

While not fool-proof, the best recommendation continues to be that users of both Android and Apple devices should only install applications from reliable sources, such as Google Play or Apple’s App Store. If you suspect your device has become infected, we recommend that you shut your phone down immediately, consult with your device manufacturer, and restore following a wipe of your device.

For more information, please see:

Gooligan/Googlian Android Malware steals Google credentials

Researchers at Checkpoint, Inc. have found a family of malware which, when installed on vulnerable Android OS version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop), gives the hacker full control of the device. It then steals Google credentials to give the hackers access to all Google apps. The malware can be downloaded through a link in a phishing message or text, or be installed through software downloaded from a third-party site. According to the researchers, more than one million accounts may have been compromised. About 57 percent of devices infected by Gooligan are located in Asia, about 19 percent are in the Americas, about 15 percent are in Africa, and about 9 percent are in Europe.

Google has been actively shutting down compromised accounts as they are found, and has made available instructions for “Verify Apps” (https://support.google.com/accounts/answer/2812853?hl=en) so that people can check the apps they have and prevent installation of malicious software in the future. There is also a list of known infected apps at the Checkpoint URL listed below in the notes.

Notes:

http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

http://arstechnica.com/security/2016/11/1-million-android-accounts-compromised-by-android-malware-called-gooligan/