Android Users, Beware Of PowerOffHijack: This Malware Spies On You After Faking Phone Shutdown

Cybersecurity company AVG has discovered a new malware targeting Android-powered devices that takes over the shutdown process of the smartphones and tablets.

The malware, which has been dubbed the PowerOffHijack malware, makes the device look like it is really turned off when a user shuts down the device. However, the device is not really off, and that is when the malware strikes to spy on the user.

Users turning off their Android gadgets will see the shutdown animation happen and the device power down. However, while the screen is turned off, the device is actually still on. Once the device reaches this state, the malware can then initiate outgoing calls, take photos or "perform many other tasks without notifying the user," AVG wrote in a blog post detailing the malware.

The malware applies for and acquires root permission to be able to inject a code that hijacks the shutdown function of the device. Once the code has infected the device's system, pressing the power button results in a fake shutdown prompt popping up, followed by a fake shutdown animation. The result is a powered-up smartphone or tablet with its screen turned off, with certain services also compromised to make the device look really powered down.

While the AVG blog post explains how the malware affects Android devices, details regarding the malware itself are scarce in the post, including how the company came across the malware.

A spokesperson for AVG told the news website that PowerOffHijack targets devices running versions of Android below the recently released Android 5.0 Lollipop.

"We found around 10,000 devices were infected so far, as it's a fresh technique, and most of those were in China, which is where it was first introduced," the spokesperson said.

The AVG spokesperson added that the malware is being propagated through the Chinese app market, where PowerOffHijack is bundled in with app stores in the country. The malware's requirement to acquire root permission means that it is not the kind of malware that can infect devices that are being used to simply browse through the Internet.

The app stores where PowerOffHijack is being spread in China are not Google Play, though, as Google's app store is not available in China.

AVG's recommendation to combat the malware, at least until a security patch has been issued for PowerOffHijack, is to remove the device's battery if users want to turn off their Android gadgets. In addition, users are once again reminded to avoid downloading shady apps from app stores, as they could come with malware such as PowerOffHijack.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics