AVG has discovered new Android malware, dubbed PowerOffHijack, that has an unusual feature: it hijacks the shutdown process. After the threat makes it look like your phone is off, it proceeds to spy on you.
In other words, when you hit the power off button, your mobile device doesn't really turn off. You still see the real shutdown animation, and it appears to power down, but while the screen is black, your smartphone or tablet is still on.
While the device is in this state, PowerOffHijack can make outgoing calls (if you're using a phone), take pictures, and “perform many other tasks without notifying the user,” the security firm says.
Here is how the Android malware pulls off the stunt:
First, it applies for the root permission.
Second, after root permission is acquired, the malware will inject into the system_server process and hook the mWindowManagerFuncs object.
Third, after the hook, when you press the power button, a fake dialog will pop up. If you select the power off option, it will display a fake shutdown animation, leaving the power on but the screen off.
Last, in order to make your mobile look like it is really off, some system broadcast services also need to be hooked.
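Because the second step relies on injecting code into system_server, one defensive check is to look at what that process has mapped as executable. The following is an added example, not code from AVG's report or from the malware: it parses `/proc/<pid>/maps` text (readable for system_server only with root or equivalent privileges) and flags executable, file-backed mappings outside a list of trusted locations. The trusted prefixes and the sample lines are assumptions constructed for illustration, and a hook that does not load a library from disk would not appear here.

```python
import re

# Assumption: path prefixes treated as trusted code locations on a stock device.
TRUSTED_PREFIXES = ("/system/", "/vendor/", "/apex/", "/product/", "/data/dalvik-cache/")

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

def suspicious_mappings(maps_text):
    """Return (address_range, path) for executable file-backed mappings
    whose backing file is outside TRUSTED_PREFIXES or was deleted."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, end, perms, path = m.groups()
        if "x" not in perms or not path.startswith("/"):
            continue  # skip non-executable and anonymous/[heap]/[stack] regions
        deleted = path.endswith(" (deleted)")
        clean = path[:-len(" (deleted)")] if deleted else path
        if deleted or not clean.startswith(TRUSTED_PREFIXES):
            findings.append((f"{start}-{end}", path))
    return findings

# Constructed sample, not captured from a real device.
SAMPLE_MAPS = """\
40000000-40010000 r-xp 00000000 b3:19 1201 /system/bin/app_process
40a00000-40b20000 r-xp 00000000 b3:19 2210 /system/lib/libandroid_runtime.so
40b20000-40b30000 rw-p 00120000 b3:19 2210 /system/lib/libandroid_runtime.so
5e000000-5e008000 r-xp 00000000 b3:1c 9001 /data/local/tmp/libexample_hook.so
5f000000-5f004000 r-xp 00000000 b3:1c 9002 /data/data/com.example.app/lib/libx.so (deleted)
60000000-60100000 rw-p 00000000 00:00 0 [heap]
be800000-be821000 rwxp 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for addr, path in suspicious_mappings(SAMPLE_MAPS):
        print(addr, path)
```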
Here is PowerOffHijack's code for recording a call:
Here is PowerOffHijack's code for transmitting private messages:
Unfortunately, while AVG's report is extensive in describing Android's shutdown process, details are scarce with regard to the malware itself. There are no details as to how the security firm discovered the threat or how it gets onto an Android device in the first place.
Most Android malware infects devices when users install shady apps from third-party app stores. Most threats are not found on Google Play, and most require side-installation (disabled by default on most Android devices).
We have contacted AVG for more details and will update you if we hear back. In the meantime, paranoid users can heed the security firm's advice: “if you want to make sure your mobile is really off, take the battery out.”
If, however, you're not wearing a tinfoil hat, pay attention to the apps you install and your Android device will be just fine.