This Extremely Powerful Cryptocurrency Mining Malware Can Melt Smartphones

Cybersecurity analysists recently stumbled upon a powerful new malware that mines cryptocurrency without a user ever knowing. It's so powerful, in fact, that the malware will damage the device's hardware if not detected. 

The Kaspersky cybersecurity firm in Russia (which has made headlines of its own recently) investigated the mysterious Loapi malware. The virus has been found hiding in apps throughout the Android operating system, cleverly disguising itself. 

The range of damage done by Loapi runs deep. The malware can show constant ads, participate in denial-of-service attacks, send out random text messages, and subscribe to paid services using a smartphone user's attached credit card information. And it does this all while mining for cryptocurrency by leaching the electricity and hardware circuitry of the infected phone. 

During the Kaspersky trial run to see just how powerful the malware was, the researchers noticed that the phone's exterior started to warp. 

"We've never seen such a 'jack of all trades' before," Kaspersky Lab researchers wrote in the blog post. Later on, they added: "The only thing missing is user espionage, but the modular architecture of this Trojan means it's possible to add this sort of functionality at any time."

Once it's downloaded, the researchers noted that the malware also sends so many prompts that make it nearly impossible for a phone owner to download security apps to purge the virus. It never stops. 

"Loapi is an interesting representative from the world of malicious Android apps. Its creators have implemented almost the entire spectrum of techniques for attacking devices," the team wrote.

Cryptocurrency Leaching for Mining

The issue isn't isolated to Loapi's particular breed of malware. The internet is being slowly filled by crypto miners who covertly drain other computers in order to have more power to mine. 

Earlier this year, ad blocker AdGuard reported 220 sites on the Alexa top 100,000 list present crypto mining scripts to over half a billion people. In just three weeks, those 220 sites garner $43,000 USD. 

Another ad blocker is taking a stand. Antimalware company Malwarebytes started limiting access to CoinHive mining because of owners who never asked users' permission. 

[see-also]

"The reason we block CoinHive is because there are site owners who do not ask for their users' permission to start running CPU-gorging applications on their systems," the company noted in a statement announcing the change. "A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl."

Unfortunately, as cryptocurrencies like Bitcoin continue their meteoric ascent to higher values, the demand for them will continue to rise as well. And with higher demand comes increasing chances that people will resort to unscrupulous measures to get a piece of the highly-valued pie.