New Android Loki Trojan Infects Android OS libraries, Deletion Can Render A Device Non-Operational


New variant of Android Loki

Security researchers have identified a new variant of the Android Loki family of Trojans which can now infect native Android OS libraries. The trojan, Loki, was first uncovered in February 2016 by Russian antivirus vendor Dr.Web.

The trojan version which was detected in February was capable of injecting itself into processes of various applications, including system-related ones.

Android Loki proved very effective at infecting the Android operating system. Security researchers say Loki was one of the first pieces of malware able to infect devices and sit right inside core Android operating system processes.

The new Android Loki inherits this feature from the earlier version but does not stop there: it goes deeper and can now infect Android libraries as well.

Loki used mainly for showing unwanted ads

The newest version, named Android.Loki.16.origin, stealthily downloads and installs software on Android devices.

It is well known that a trojan is capable of stealing content from the infected device, creating a backdoor, intercepting communications and much more.

Despite its capabilities, the author behind Loki only used it to download other apps from third-party stores and show unwanted ads. This came as a surprise to the security researchers.

Loki Downloaded with Android Apps from Third Party stores

Loki relies on ‘unaware’ users who do not hesitate to install Android apps from third-party stores. Many of these apps are malicious and contain Loki and an exploit to elevate the malware’s privileges so it can tamper with core Android OS files.

Once Android Loki runs, it connects to command-and-control servers and downloads an additional component. It downloads several exploits to get root-level privileges on the Android device.

Firmware update required once infected

Security researchers at Dr.Web stated: “Android.Loki modifies system components, and its deletion can render a device non-operational. In order to make the device operational again, it will require going through the firmware update, a process that will delete all personal files.”

The security researchers suggested that Android users avoid third-party app stores, which are filled with malicious applications that, when installed, may lead to compromise of an Android handheld and even to data exfiltration.