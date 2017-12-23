On one side of the spectrum, creative developers are coming with new and innovative apps for Android users, on the other side, some developers are also creating tools to create all sorts of problems for users.

There is a new malware which can make your smartphone go up in smoke, literally! What is more worrying is that your smartphone can get infected even if you are downloading the app from Google Play Store, said Kaspersky in a blog post.

The Trojan named Loapi is picked up by users by clicking on an ad banner and downloading a fake anti-virus or adult-content app (the most likely vehicles for this Trojan).

Once downloaded and installed with the app, the Trojan demands administrator rights —and it doesn’t take no for an answer; notification after notification appears on the screen until the desperate user finally gives in and taps OK.

The Trojan then deprives the user of administrative rights virtually taking control of the phone.

If a user tries to download a real anti-virus, the Trojan will declare that a malware and force to stop the action. Apparently, the Trojan can be controlled by a remote server and download and install the necessary add-ons all by itself.

Fake apps which can carry Loapi Trojan to your devices. Source: Kaspersky

This is how the Trojan will harm your device, according to Kaspersky:

Cryptomining: The Trojan Loapi uses mobile phone’s power to mine Monero coins. Monero is another form of digital currency akin to bitcoin. Resultantly, the device can heat up after a prolonged operation and battery of the phone ends up baked.

Unwanted ads: Like multiple other malware in the market, Loapi also tries to infect the smartphone with banner and video ads. “This module of the Trojan can also download and install other apps, visit links, and open pages on Facebook, Instagram, and VKontakte—apparently to drive up various ratings,” said Kaspersky.

Paid subscription: The Trojan can sign up for paid subscription by sending secret SMSes. What’s more, all messages (both outgoing and incoming) are immediately deleted.

DDoS attacks: Loapi Trojan has a module which can launch a distributed denial of service attacks by requesting HTTP requests from the infected device. For this, it uses a built-in proxy server. DDoS attacks, as the name suggests denies users of any service on the phone and locks them out of it.

Downloading new modules: The most frightening feature is that the Trojan can download new modules in order to adapt to any new cash-out strategy its creators develop. For example, one day it might transform into ransomware, spyware, or a banking Trojan, said Kaspersky.

How to protect yourself from Loapi

1. Though the Trojan can infiltrate official sources but it is advised download apps only from Google Play store. The chances of picking Loapi will be far lower here than any unofficial sources.

2. Make sure that installation of apps from unknown sources is unchecked in your settings.

3. Download only those apps which you need. Lesser harmful apps mean lesser dangers of being infected.

4. Install an anti-virus application. Even free versions can be highly effective against such Trojans.