It is called PowerOffHijack and has a very distinct feature: it compromises the Android device’s shutdown process and spies on you.
Your phone will appear switched off to you but in reality it will be spying on you.
This works because the malware hijacks the phone's shutdown process, so the device does not actually turn off when you press the power button.
You will see the usual shutdown animation and the screen of your smartphone or tablet will go black, but the device stays on.
In this state, PowerOffHijack can make outgoing calls, take pictures and perform other tasks without the user's knowledge.
How Does PowerOffHijack Work?
The hijack proceeds in steps:
- It requests root permission
- Once root has been granted, the malware injects itself into the system_server process and hooks the mWindowManagerFuncs object
- With the hook in place, pressing the power button brings up a fake confirmation dialog; once you tap Yes, a fake shutdown animation runs
- The device's screen goes black, but the device stays on
- To make the fake shutdown convincing, the malware also hooks some of the system broadcast services
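As an added example (not code from AVG's report or from the malware), here is a Python heuristic that hunts for the injection described in the second step: it parses a /proc/<pid>/maps dump of system_server and flags executable mappings that are backed by files outside the normal system library directories, or whose backing file has been deleted after loading (a common way to hide an injected library). The trusted-directory list, the sample maps text and the adb collection command in the docstring are assumptions for the example and should be adjusted to the ROM under analysis.

```python
"""Heuristic check for foreign code mapped into Android's system_server.

Added example, not taken from AVG's write-up or from PowerOffHijack.
Input is the text of /proc/<pid>/maps for system_server. On a rooted
device it can be collected with, for instance (assumes `pidof` exists
on the device's shell):
    adb shell su -c 'cat /proc/$(pidof system_server)/maps' > maps.txt
"""
import sys
from typing import Iterator, List, NamedTuple, Tuple

# Directories from which system_server is expected to map executable
# code. This list is an assumption for the example; OEM builds may
# legitimately map libraries from other locations.
TRUSTED_EXEC_PREFIXES = ("/system/", "/vendor/", "/apex/")


class Finding(NamedTuple):
    start: int
    end: int
    path: str
    reason: str


def parse_maps(text: str) -> Iterator[Tuple[int, int, str, str]]:
    """Yield (start, end, perms, path) for each line of a maps dump.

    Line format: "start-end perms offset dev inode [pathname]".
    The pathname is optional and may itself contain spaces.
    """
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue  # blank or malformed line
        start_s, _, end_s = parts[0].partition("-")
        path = parts[5].strip() if len(parts) == 6 else ""
        yield int(start_s, 16), int(end_s, 16), parts[1], path


def find_foreign_code(maps_text: str) -> List[Finding]:
    """Return executable mappings a stock system_server should not have."""
    findings: List[Finding] = []
    for start, end, perms, path in parse_maps(maps_text):
        if "x" not in perms:
            continue  # only executable pages can carry injected code
        if not path or path.startswith("["):
            continue  # anonymous mappings (JIT code cache etc.) are normal
        if path.endswith("(deleted)"):
            # Unlinking a library after loading hides it from `ls`, but
            # the kernel still reports the mapping with this suffix.
            findings.append(Finding(start, end, path, "backing file deleted"))
        elif not path.startswith(TRUSTED_EXEC_PREFIXES):
            findings.append(Finding(start, end, path, "outside trusted directories"))
    return findings


# Constructed sample of a system_server maps dump, not captured from a
# real device. The two /data mappings are the kind an injector leaves.
SAMPLE_MAPS = """\
12c00000-12d00000 rw-p 00000000 00:00 0          [anon:dalvik-main space]
7f8a000000-7f8a01f000 r-xp 00000000 fd:00 1234   /system/lib64/libandroid_runtime.so
7f8a01f000-7f8a020000 r--p 0001e000 fd:00 1234   /system/lib64/libandroid_runtime.so
7f8b000000-7f8b005000 r-xp 00000000 fd:00 5678   /system/lib64/libbinder.so
7f8b100000-7f8b180000 r-xp 00000000 00:00 0      [anon:dalvik-jit-code-cache]
7f8c000000-7f8c002000 r-xp 00000000 fd:02 9012   /data/local/tmp/libhook.so
7f8d000000-7f8d001000 r-xp 00000000 fd:02 3456   /data/data/com.example.spy/lib/libinj.so (deleted)
7f8e000000-7f8e001000 rw-p 00000000 00:00 0
"""


def main(argv: List[str]) -> int:
    """Scan a maps file given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_MAPS
    findings = find_foreign_code(text)
    for f in findings:
        print(f"{f.start:x}-{f.end:x} {f.path}  <- {f.reason}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments to see the two planted mappings flagged; pass a real dump as the first argument to scan a device. Anonymous executable regions are deliberately skipped here because the ART/Dalvik JIT uses them legitimately; an injector that writes shellcode into such a region would need a separate check.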
Digging Deeper into the issue:
Although AVG described the malware's attack process in detail in its report, other relevant details, such as how the malware lands on Android devices in the first place, remain unknown.
This is what a spokesperson for the security firm AVG had to say about the malware:
“We see the malware targeting Android below 5.0, and it requires root permissions in order to hook. We found around 10,000 devices were infected so far, as it's a fresh technique, and most of those were in China, which is where it was first introduced. We see it being spread in the app market in China, and it's being offered through official app stores in that market.”
Because the malware needs root permission before it can hook anything, it cannot install itself simply by your visiting a web page: it has to arrive as an app that the user installs and then grants root to.
As with most Android malware, infection usually happens because users install shady apps from third-party sources or app stores.
Google Play is unlikely to distribute it, and installing apps from outside Google Play requires side-loading, which is disabled by default on Android devices (the "Unknown sources" setting).
AVG advises users to take the battery out to make sure the device is really off and not just mimicking a shutdown.