Loapi is an Android malware variant that appears to have evolved from the Podec Android malware. Loapi has a sophisticated modular structure and components for a variety of functions, including: mining the Monero cryptocurrency, downloading and installing additional apps, launching distributed denial-of-service (DDoS) attacks, and injecting ads in the notification area, among others. The cryptocurrency mining function causes the device to overheat and overwork the phone’s components, causing the battery to bulge and the phone’s cover to deform. Loapi is found hidden in antivirus apps and adult-themed apps advertised on third-party app stores. The apps inundate users with pop-ups until the user provides them with administrative rights and allows them to uninstall legitimate antivirus apps from the device. To maintain persistence, the malware will close the Settings window if the user attempts to deactivate its administrator account and, if the user attempts to install an app that could detect the malware's presence, Loapi will display a fraudulent message on the screen claiming it detected malware and prompts the user to delete the app. Users will have to boot their device in Safe Mode to remove Loapi-infected apps.
- Securelist provides technical details of Loapi here.