Malware and virus have been here long since the advent of computers and touch-screen mobiles in 2000s, but 2017 has been the most devastating year to date, as we witnessed the deadly cyber attacks and ransomware affecting government and corporate companies spanning almost all countries in the world.

Now, Russia-based premier security firm Kaspersky has detected a new-age virtual Trojan dubbed Loapi, wherein it has sophisticated tools to steal sensitive credit card details, intimate photos, highjack the devices from remote location, mine cryptocurrency tokens and shockingly can blow up a device if the owner doesn't notice the malware before it's too late.

How Loapi malware enter smartphones?

It has come to light that Loapi is a family of malware codes, which can perform different criminal activity depending on the type of the person operating the phone and it is found in Google's Android ecosystem, particularly in fake Antivirus apps and adult content applications.

Ransomware
[Representational image] Android Malware Alert: Kaspersky busts deadly Trojan Laopi that can blow up your mobile batteryCreative Commons

Once installed, the malware-riddled app asks for administrator rights to seek full access to the contents of the phone, if not provided, it will hound the user by popping messages on the phone's screen until he/she gives up.

Later, if the user comes to know its malicious activities and tries to take away the administrator rights, it will close the settings window and lock the screen. If the owner tries to install any genuine Anti Virus, Laopi, in a bid to discourage the attempt, will pop a warning message on the screen that the app is fake and asks the user to uninstall the latter immediately.

Here's what Loapi malware can do to your smartphone:

As per Kaspersky research studies, Loapi is known to randomly pop ads forcing users to open client's websites, url links, Facebook posts, Instagram, among others, to boost their ranking and traffic.

It can also independently download and install apps, subscribe to paid services without device owner's knowledge. Even the services that require SMS authentication, the Trojan sends the text confirmation and later delete them, so that there is no trail left behind for any transactions.

Furthermore, Loapi malware can turn a phone into a zombie and hijack it to use in DDoS attacks against Web resources. To do so, it uses a built-in proxy server and sends HTTP requests from the infected device, Kaspersky claims.

Loapi malware is deadly, literally!

What's makes Loapi scarier than any other malware in the world is that Loapi uses the victim's smartphones to mine Monero cryptocurrency tokens online. Apparently, this activity can overheat the mobile device as a result of the prolonged operation of the processor at maximum load.

During Kaspersky's research, the battery of the test smartphone overcooked 48 hours after the device was infected. If it is left unattended, the phone would blow up in smokes and cause severe burn injuries to the owner.

Here's how to protect your Android smartphones from Loapi and others malware:

Though the blame for Loapi's existence partly lies with Google for not fully scrutinising the apps on its Play store, but also mobile device owners are also equally guilty. To be on a safer side, always follow the below guidelines:

  • Always keep your smartphone updated to the latest firmware. Most companies in collaboration with Google send software updates — especially security patches on priority basis and always make sure to update them immediately
  • Make sure to use premium Antivirus software, which also provides malware protection and internet security
  • Never open emails sent from unknown senders
  • Never install apps from unknown websites
  • Never install apps from unfamiliar publishers even on Google Play store

Stay tuned. Follow us @IBTimesIN_Tech on Twitter for the latest news on cybersecurity.