Cyber security researchers have discovered a piece of cryptocurrency-mining malware so strong that it can cause physical damage to the infected smartphone.
Known as Loapi, the malware was discovered hiding in applications for the Android smartphone operating system — yet another way hackers exploit Android's OS.
Hijacking the infected device's processor, the malware uses its power to perform tasks, which includes mining cryptocurrencies like bitcoin. Mining bitcoin is performed after confirming currency transactions that happen by completing complex mathematical equations — this generates new blocks of currency.
With bitcoin's value soaring from $1,000 at the start of 2017 to over $15,000 in December, cybercriminals are keen to install mining malware on as many devices as possible. New bitcoins which can be exchanged for US dollars or any other traditional currencies.
Discovered by researchers at Kaspersky Lab, the Loapi malware places such high demands on the infected device that after just two days a test device used by Kaspersky broke apart due to an expanding battery.
"Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," the researchers said in a blog post.
Described as a "jack of all trades", the malware was also found to "subscribe victims to paid services, send text messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device."
The Kaspersky team added: "The only thing missing is user espionage, but the modular architecture of this Trojan means it's possible to add this sort of functionality at any time."
The app was installed on devices via fake advertisements placed inside malicious Android apps, Kaspersky Lab said. Many of the ads falsely promoted popular antivirus software.
Unlike Apple's iOS, Android devices can download and install apps from third-party app stores, where security procedures and vetting against apps filled with malware are less effective than those employed by the Google Play store.