Malware Detected: Cryptocurrency
Let us start by trying to shed some light for those who don’t know or understand what cryptocurrency is. As the name suggests, it’s a form of digital money designed to be secure and anonymous. It uses a technique called cryptography, a process used to convert legible information into an almost uncrackable code, to help track purchases and transfers. Cryptocurrencies allow users to make secure payments without having to go through banks. Bitcoin has the distinction of being the first cryptocurrency, having been introduced in 2009 by an unknown person called Satoshi Nakamoto.
Cryptocurrency is an encrypted, decentralized digital currency transferred between peers and confirmed in a public ledger via a process known as mining. This is how it works: every single transaction made, and the ownership of every single cryptocurrency in circulation, is recorded in the blockchain. The blockchain is run by miners, who use powerful computers that tally the transactions. Their function is to update the blockchain each time a transaction is made and to ensure the authenticity of the information, thereby ascertaining that each transaction is secure and is processed properly and safely.
To be a miner, you need a computer and a special program, which helps miners compete with their peers in solving complicated mathematical problems. This requires huge computing resources. At regular intervals, miners attempt to solve a block containing the transaction data using cryptographic hash functions. A hash value is a numeric value of fixed length that uniquely identifies data.
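The hash puzzle described above, as an added example that is not part of the original article: a miner searches for a nonce whose hash over the block data starts with a required number of zero bits, and each extra bit doubles the expected work. It assumes a simplified Bitcoin-style double SHA-256 (Monero uses a different hash function), and the sample block contents and function names are constructed for illustration.

```python
import hashlib

# Constructed sample "block" of transaction data (not real ledger data).
SAMPLE_BLOCK = b"alice->bob:1.5;bob->carol:0.2;prev=placeholder"


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def block_hash(block_data: bytes, nonce: int) -> bytes:
    """Double SHA-256 over the block data followed by an 8-byte nonce."""
    payload = block_data + nonce.to_bytes(8, "little")
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()


def verify(block_data: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a solution costs one hash; finding it costs many."""
    return leading_zero_bits(block_hash(block_data, nonce)) >= difficulty_bits


def mine(block_data: bytes, difficulty_bits: int, max_tries: int = 1 << 24):
    """Try nonces in order; return (nonce, attempts) for the first solution."""
    for nonce in range(max_tries):
        if verify(block_data, nonce, difficulty_bits):
            return nonce, nonce + 1
    raise RuntimeError("no nonce found within max_tries")


if __name__ == "__main__":
    # Expected attempts grow as 2**difficulty_bits; real networks use far
    # higher difficulty, which is why mining consumes so much CPU and battery.
    for bits in (8, 12, 16):
        nonce, attempts = mine(SAMPLE_BLOCK, bits)
        digest = block_hash(SAMPLE_BLOCK, nonce).hex()
        print(f"{bits:2d} bits: nonce={nonce} attempts={attempts} hash={digest[:16]}...")
```
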
But now we have a problem in the field. Researchers at Kaspersky Lab have identified a family of modular Android malware dubbed “Loapi,” which is capable of mining the Monero cryptocurrency, inundating users with advertisements, automatically subscribing the user to paid services, and participating in DDoS attacks, among other functions.
Reports from Android Police state that the malware is distributed through advertising campaigns and is generally disguised as either an antivirus or pornographic app. After installation, the malware asks the user to grant administrator permissions in a loop until the permissions are granted. It also checks for but does not use root permissions. However, given the modular nature of the malware, this could be used in the future.
“Loapi can communicate with a number of command & control servers. These servers can load additional modules and receive lists of apps which may attempt to remove or limit the permissions granted to the malware. If these apps are installed, the malware flags the legitimate security app as malware and forces a loop prompting the user to remove the security app until the user acquiesces. The malware also locks the screen and closes the device manager, warning the user that the phone data will be wiped,” said Kaspersky Lab Securelist.
The malware is an interesting representative of the world of malicious Android apps. Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device. The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time.