Loapi Cryptocurrency Mining Malware Is So Powerful It Can Melt Your Phone

Security researchers have discovered a new form of powerful malware that secretly mines cryptocurrency on a person's smartphone, which can physically damage the device if it is not detected.

Researchers from the Russia-based cybersecurity firm Kaspersky investigated the malware, dubbed Loapi, which they found hiding in applications in the Android mobile operating system.

The malware works by hijacking a smartphone's processor and using the computing power to mine cryptocurrency—the process of confirming cryptocurrency transactions by completing complex algorithms that generate new units of the currency.

Loapi physically broke a test phone used to study the malware after just two days of the device being infected with it.

"Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," the Kaspersky blog states.

loapi malware android melt smartphone
The mining module of the malware caused so much strain on a phone testing Loapi that it caused the battery to bulge and the cover to deform. Kaspersky Labs

Read more: Over 500 million PCs are secretly mining cryptocurrency, researchers reveal

The new malware is noted for its versatility, capable of generating money from a user's device by showing them adverts, subscribing them to paid services and using the smartphone's computing power to mine cryptocurrency.

"Samples of the Loapi family are distributed via advertising campaigns," the blog states. "Malicious files are downloaded after the user is redirected to the attackers' malicious web resource. We found more than 20 such resources, whose domains refer to popular antivirus solutions and even a famous porn site."

"It's [sic] creators have implemented almost the entire spectrum of techniques for attacking devices...The only thing missing is user espionage, but the modular architecture of this Trojan means it's possible to add this sort of functionality at any time."

Loapi is part of a growing trend among cyber criminals to leverage the processing power of computers, smartphones and other devices in order to generate revenue from mining cryptocurrency.

In October, research by ad blocking firm AdGuard found that over 500 million people are inadvertently mining cryptocurrencies through their devices after visiting websites that run mining software in the background.

Separate research from earlier this year found that cryptocurrency mining software was present in popular websites, including Showtime and the torrenting site ThePirateBay.

In the future, industry experts have suggested that browser mining could become a legitimate and ethical way of making money for websites, so long as permission from the visitor is requested first.