Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Loapi' Cryptocurrency Mining Malware Is Causing Phone Batteries To Bulge (newsweek.com)

Posted by BeauHD on from the too-hot-to-handle dept.

An anonymous reader quotes a report from Newsweek: Security researchers have discovered a new form of powerful malware that secretly mines cryptocurrency on a person's smartphone, which can physically damage the device if it is not detected. Researchers from the Russia-based cybersecurity firm Kaspersky investigated the malware, dubbed Loapi, which they found hiding in applications in the Android mobile operating system. The malware works by hijacking a smartphone's processor and using the computing power to mine cryptocurrency -- the process of confirming cryptocurrency transactions by completing complex algorithms that generate new units of the currency. Loapi physically broke a test phone used to study the malware, after two days of the device being infected with it. "Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover," the Kaspersky blog states.

55 comments

  1. Re:How much more negative stories do we need? by Anonymous Coward · · Score: 0

    Well, this is a way of driving the economy. All those bulged batteries will need a replacement.

  2. Re:How much more negative stories do we need? by Anonymous Coward · · Score: 0

    Ban? It's a feature. Which apps have this malware? Time for a in-warranty, carrier provided phone upgrade. "My current phone has a bulging battery. Sadly I can't replace it. Please send me a new one. Shall I ship the fire hazard phone back to you?"

  3. Phone problem, not really malware's fault by dunkindave · · Score: 5, Insightful

    In all fairness, if using the phone extensively can cause the battery to bulge, then that is a problem with the phone's or battery's design. The fact it is made more likely to occur by the malware doesn't change that the phone's design is flawed.

    1. Re:Phone problem, not really malware's fault by torkus · · Score: 2

      Agreed. Even under heavy use a phone should reach thermal equilibrium in 15-20 min...with no parts getting any hotter then they already are...and that should be within the design temp for the device and battery.

      Now, if this test phone broke because they let it run for two days and during which it was subject to temp fluctuations (such as the sun coming through a window and cooking the phone) then this isn't especially news beyond 'battery failing as intended during extreme heating'

      I have to wonder though - how much can you really mine from phone CPU and GPU? I guess if you have infected millions of them...but phones are generally harder targets than computers and have much, much less processing capacity.

      --
      You can get rich if you own a politician, but you have to be rich to buy one in the first place.
    2. Re:Phone problem, not really malware's fault by Hal_Porter · · Score: 3, Insightful

      Batteries swell when they worn out. And they wear out faster at higher temperature.

      https://www.newscientist.com/a...

      Something like cryptocurrency mining will max out the CPU, which will draw more power which increase temperature.

      Lithium ion batteries are basically consumables and need to be user replaceable. Sadly most electronics seems to be moving in the direction of non user replaceable batteries which makes it consumable too.

      If it's a $20 pair of Bluetooth headphones I suppose it doesn't matter. If it's a $600 phone, I think it very much does.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    3. Re:Phone problem, not really malware's fault by 140Mandak262Jamuna · · Score: 1

      If it's a $20 pair of Bluetooth headphones I suppose it doesn't matter. If it's a $600 phone, I think it very much does.

      The phone makers agree with you, it matters. Where they differ is, you think it is bad and they think it is good.

      It means a steady supply of rubes who will line up to buy a new model every two years. Make it user replaceable, and these skinflint users, with absolutely no loyalty or gratitude or appreciation for the phone makers, continue to use the phone for three, four or even five years. Wall street demands performance every quarter. Miss the wall street whisper numbers, thats it, they punish the stock, the price does not hit the trigger points, and stock options and bonuses dont get awarded, it is catastrophic.

      And here you go crabbing about some user saving a few hundred dollars.... Tell me, in the bigger scheme of things, which is bigger, 600$ or several hundred million dollar bonuses?

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    4. Re:Phone problem, not really malware's fault by Hal_Porter · · Score: 2

      Yeah, pretty much. I found an interesting article on Motley Fool about cell phone replacement cycles

      https://www.fool.com/investing...

      Apple and Samsung are pushing to shorten them to sell more phones and non replaceable batteries, slowing the phone with each upgrade and moving to people where they replace each year is a way to do that. Meanwhile Americans tend to keep their phones longer and longer, probably because they're pissed off that phones are being increasingly defeatured.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    5. Re:Phone problem, not really malware's fault by drinkypoo · · Score: 1

      Meanwhile Americans tend to keep their phones longer and longer, probably because they're pissed off that phones are being increasingly defeatured.

      Nah, it's the same thing that happened to desktops. The phones are fast enough for all the stuff they want to do on them already.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:Phone problem, not really malware's fault by Hal_Porter · · Score: 1

      I used to look forward to getting a new phone, these days I put off as long as I can.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    7. Re:Phone problem, not really malware's fault by thegarbz · · Score: 1

      Batteries swell when they worn out. And they wear out faster at higher temperature.

      If they do this in 2 days then it is still a phone design flaw.

  4. Kaspersky, eh? by Anonymous Coward · · Score: 0

    I bet they say it was the North Koreans. I bet all the bitcoins, litecoins, smashcoins, spacebucks, sawboards, and Spice I possess that it comes out that it's always the North Koreans.

  5. LOL, flawed hardware! by evanh · · Score: 2

    The phone's designers need shot for that one. You can complain about the software flattened the battery but not for setting the battery alight.

    It's like someone playing a game then complaining the game makes the laptop overheat. Same story, the hardware combination is the problem, not the program running on it.

    1. Re:LOL, flawed hardware! by Calydor · · Score: 2

      There is one thing you should consider, though.

      There is no phone on the market that can run at 100% CPU use for two days without being plugged in.

      If your phone runs at 100% CPU use for any kind of extended time, it gets HOT. Like, really painful-to-touch hot.

      If your phone gets this hot and you don't know why, you should shut it down and get it repaired.

      It lasts for two days under operating parameters that are so incredibly unlikely (if not considering malware of this sort, obviously) that the biggest complaint really should be that the phone doesn't automatically shut down, NOT that the battery physically can't take it.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re:LOL, flawed hardware! by AHuxley · · Score: 1

      Problems when using the device at 100% CPU/GPU at full battery should have been the first tests done with any generation of design.
      Does the device deal with the heat at the max settings and just use battery power normally.
      If that device can run at 100% gpu/cpu when powered then thats a total fail.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:LOL, flawed hardware! by Anonymous Coward · · Score: 0

      This, and slightly more.

      Any manufacturer that doesn't run thermal chamber tests under stress fails in their design process. Min/max operating temp shouldn't be dependent on what the user is doing with the device. Assume the worst, and then factor in grandparents (best verification advice imo).

    4. Re:LOL, flawed hardware! by drinkypoo · · Score: 1

      If your phone runs at 100% CPU use for any kind of extended time, it gets HOT. Like, really painful-to-touch hot.

      I've done a bit of android benchmarking, and this is not universally true.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. Re:How much more negative stories do we need? by Anonymous Coward · · Score: 0

    Sure. Call the cops. That'll fix everything.

  7. DIY Cryptocurrency Mining... by Anonymous Coward · · Score: 0

    If you want mine your own cryptocurrency, you need a motherboard with 19 PCIe 1X slots to plug in 19 GPUs and a couple of 1200W PSUs.

    1. Re:DIY Cryptocurrency Mining... by Anonymous Coward · · Score: 0

      How good does your cryptocurrency mining rig feel when you stick your dick in it?

    2. Re:DIY Cryptocurrency Mining... by Anonymous Coward · · Score: 0

      With three 1200W PSUs plugged in, it should be electrifying.

    3. Re:DIY Cryptocurrency Mining... by magarity · · Score: 1

      Mining via a million unsuspecting phone owners beats any individual motherboard no matter how many slots.

    4. Re:DIY Cryptocurrency Mining... by Fly+Swatter · · Score: 1

      Your affiliate link is way overpriced, looks like it debuted at 200 - those laughable 3rd parties all want 300+. Anyone that buys that is a moron (and I base that on your intended purpose, not the price).

    5. Re:DIY Cryptocurrency Mining... by Fly+Swatter · · Score: 1

      I wonder how many of those golden bitcoins are actually made on stolen hardware? It would be an interesting statistic.

    6. Re:DIY Cryptocurrency Mining... by Anonymous Coward · · Score: 0

      Golden bitcoin! mined on stolen hardware with stolen electricity.

    7. Re:DIY Cryptocurrency Mining... by Anonymous Coward · · Score: 0

      All warm and tingly.

    8. Re: DIY Cryptocurrency Mining... by Anonymous Coward · · Score: 0

      It's A CDReimer/Creimer, what did you expect? The dude spams slashdot with affiliate links. I'm actually going to start reporting him to Amazon for spam. Hopefully they ban his account.

  8. Re:How much more negative stories do we need? by rmdingler · · Score: 1

    Well, this is a way of driving the economy. All those bulged batteries will need a replacement.

    The glazier's fallacy pretty much explains the failed logic of your contention.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  9. Re:Cheap Android phones by rogoshen1 · · Score: 1

    well no, the iPhone would throttle down to 486 dx2 speeds after a few minutes.. but hey, you'd be able to play commander keen pretty well.

  10. Not the Software's Fault by TheFakeTimCook · · Score: 1

    The fact that the battery bulged is not the fault of the hideous, shitty cryptomining software; but rather the fault of the shitty CHARGING CIRCUIT (and/or shitty Battery) in the crappy (no doubt Android) PHONE that Kaspersky used in their testing.

    Software not actually used in the CHARGING process CANNOT cause a battery to bulge.

    TERRIBLE story.

  11. So what they're saying here... by mark-t · · Score: 1

    .... is that they've invented viagra for batteries?

    --
    File under 'M' for 'Manic ranting'
  12. Poor Cellphone Design! by BrendaEM · · Score: 1

    A properly designed cellphone should shut down or throttle to prevent overheating.

    --
    https://www.youtube.com/c/BrendaEM
    1. Re:Poor Cellphone Design! by istartedi · · Score: 1

      Amen! Also, good system software on the phone should warn you that an app is consuming that much power. You might not feel the extra heat right away; but if you're not doing anything with your phone and you look at it and see a power consumption tile flashing like crazy then you'd be tipped off.

      --
      For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  13. Re:How much more negative stories do we need? by Anonymous Coward · · Score: 0

    They don't even compare to the damage done by traditional currency.

  14. 4500mAh by Anonymous Coward · · Score: 0

    4500mAh... Bring it on

  15. Another Android first!! by Anonymous Coward · · Score: 0

    Will Android fanboys claim this one as another "Android had it first" feature?

    It's unlikely since they all seem to ignore the massive amount of malware and malicious apps in the Android ecosystem.

  16. Re:How much more negative stories do we need? by sheramil · · Score: 1

    Ban cryptocurrencies already. Look at the damage they do the environment.

    Of COURSE! That's the answer - ban them! Because no bad people would continue to use them once they'd been banned, right?

  17. APK is a retard, his shit don't work on phones by Anonymous Coward · · Score: 0

    Too bad APK proves he is a retard yet again and his shit don't work on phones. It is as effective as an anti-virus that only blocks viruses based off of file names.

  18. Sure hosts do & this is how... apk by Anonymous Coward · · Score: 0

    A rooted Android phone & the ADB (android debugging bridge) pull command can import output hosts from my work & iPhone's that have GodMode (SSH into it as Apple's own personnel can).

    APK

    P.S.=> Now, as to WHO is a retard here? The above makes YOU out a retarded liar & nothing you do (which is nothing BUT nothing @ all, lol) works - much less your bullshit lies! apk

    1. Re:Sure hosts do & this is how... apk by IWantMoreSpamPlease · · Score: 1

      Wouldn't it be easier to have a real website where this could be downloaded from, rather than relying on a random google search to some questionable site?
      I mean really Alexander, how hard is it to create a website these days?

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
  19. Orly? by slashmydots · · Score: 1

    Is it really the malware's fault or is it the idiot phone designers who didn't test or didn't care that the phone can't run at 100% CPU usage indefinitely without damage? Playing Pokemon Go could have caused the same effect.

  20. Another marketing hype by freedom4us · · Score: 0

    What a stupid news from Kaspersky. "Broke the phone", "hijack the processor", "bulging battery", "complex algorithms", "mining cryptocurrency" all meaningless trendy marketing words. Seems like they need some new market after US blockage.

  21. What's questionable about Start64.com? by Anonymous Coward · · Score: 0

    What's questionable about Start64.com? Malwarebytes' hpHosts also hosts + recommends my work http://hosts-file.net/?s=Download/ as well.

    * I don't have to bother w/ creation of a site, securing it OR paying for it etc. - et al ...

    APK

    P.S.=> I would like you to address my initial question in my subject & 1st line above though - I use them EXCLUSIVELY since they are ALL ABOUT 64-bit wares (the future - even though I keep a 32-bit model of my ware)... apk

    1. Re:What's questionable about Start64.com? by IWantMoreSpamPlease · · Score: 1

      "Shareware" sites like Start64 are blocked where I work. Self-hosted sites, are not.

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
  22. Re:How much more negative stories do we need? by TheCastro1689 · · Score: 1

    What you need to do is break rich people's stuff. They're hording money, and not spending it on anything.

  23. What kind of shit phone are you buing? by Anonymous Coward · · Score: 0

    My *Chinese* phone does not ger very hot, even under continued cpuburn and gpuburn tests.

    Yes, it will "only" last 8 hours with all 8 cores, bit you definitely can buy Chines phones that run two days with full power on a single battery. Buy the one with the largest battery and the weakest, slowest cpu made with the smallest feature size process. It will probabl cost &lt$100 aswell. ^^

  24. LOL - "great rationale" (not)... apk by Anonymous Coward · · Score: 0

    See my subject & that's no valid justification - it literally has nothing verifiable behind it (& as IF you have a job too).

    * Don't like that? PROVE it!

    (Of course, when you live behind a FAKE NAME for your FAKE LIFE? You won't be able to validly, lol (& you know it - this IS the price of your reprehensible NO BALLS life))

    APK

    P.S.=> By the way - it's FREEWARE TOO @ Start64.com, as my program is (100% no cost & it works)... apk

    1. Re:LOL - "great rationale" (not)... apk by IWantMoreSpamPlease · · Score: 1

      Take it to e.mail. I am a public servant (very easy to find)

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
  25. Easy to block LoApi's C&C servers in hosts by Anonymous Coward · · Score: 0

    0.0.0.0 ronesio.xyz
    0.0.0.0 api-profit.com
    0.0.0.0 mnfioew.info
    0.0.0.0 mp-app.info

    * SOURCE -> http://www.theregister.co.uk/2017/12/19/android_trojan_has_miner_so_aggressive_it_can_bork_your_battery/

    (Hosts work on rooted droids (ADB pull command to import hosts) & iPhones that have Godmode as apple folks have (SSH in))

    APK

    P.S.=> For even more protection vs. millions of other online threats of MANY kinds + MORE speed & reliability online (other "so-called 'security solutions'" only show you down by way of comparison)? Accept NO substitute for APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk

  26. "Public Servant"? Wageslave... apk by Anonymous Coward · · Score: 0

    See subject & you PROVE IT RIGHT HERE publicly! You can't & if you use an alleged work email? You're not working posting /. instead (which I'm sure your alleged employer would love to know) + I never saw a name like "IWantMoreSpamPlease" on a BIRTH CERTIFICATE!

    * Assuming you even HAVE a real job (which I doubt @ this point)? Do you THINK you can 'set me up' so you can say "he is spamming my work mail" you stupid shit?? No. That "ain't happenin'" fool!

    APK

    P.S.=> ... You FAKE NAME for your FAKE LIE OF A LIFE, lol... apk

  27. Re:"Public Servant"? Wageslave... apk by IWantMoreSpamPlease · · Score: 1

    Goddamn you're a moron aren't you? No wonder you've been banned from all manner of websites (here, OS News, ArsTech, the list goes on). I started with a polite question, and you go all retard on me (and plenty of other people I've seen)
    You're an adult (supposedly), act like one Alexander.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
  28. LOL! I knew you couldn't prove you work by Anonymous Coward · · Score: 0

    See subject: You fake name for your fake lie of a so-called life. Ars got run out of their IRC chatroom easily by "yours truly"!

    So much for their 'technical expertise' which extends to googling facts or stealing others' code - that's what set them off too when I pointed THAT fact out & they had ZERO & I was already making it in publications, commercially sold successful code + programs to MY name & credit!

    (... & YEARS later only had 1 guy who died produce anything decent @ all in Roelof's SETI monitor, albeit YEARS later & long after I left)

    I wasn't banned - I left as I couldn't stand the "ne'er-do-well" STINK of that shithole!

    PLUS?

    Nobody can 'ban me' IF I don't want to be banned & you all know it!

    HOWEVER:

    IF I want to snuff out a website? It would only literally take me about 5 minutes to do so, IF I want... but I find it more satisfying to make dolts like yourself EAT YOUR WORDS & come off as the STRAIGHT-UP FOOLS you are (behind "phantasyland" fake names online, lol!).

    APK

    P.S.=> Stooge, face facts - a MILLION of "your kind" aren't worth 1 of me as you're "ne'er-do-well" do-nothing wannbes with nothing to your name/credit of any worth (hence your fake names online fantasies, lol) & OSNews? I never even posted there, ever (unless someone impersonated me, which happens here from useless dolts like you quite a lot (I have 100's of that recorded in fact))... apk