PowerOffHijack spies on Android, even when devices are off

The malicious app makes it appear as if your device is turned off, when it's actually active

Newly discovered Android malware has surfaced that could spy on users' actions even when their device appears to be switched off.

PowerOffHijack was discovered by AVG, and is thought to have spread through Chinese app stores onto 10,000 devices.

The malicious software will only work on rooted devices running Android KitKat or below and takes effect when a user activates the hardware power switch to turn off their device.

The company explained the malware attacks a device when you request it to shut down: "First, it applies for the root permission. Second, after root permission is acquired, the malware will inject the system_server process and hook themWindowManagerFuncs object.

"Third, after the hook, when you press the power button, a fake dialog will pop up. And if you select power off option, it will display a fake shut down animation, leaving the power on but the screen off. Last, in order to make your mobile look like [it's] really off, some system broadcast services also need to be hooked."

Although the device appears to be switched off, it can operate independently, making calls, taking photos and sending data, often accessing the user's personal data too.

AVG said Android users should remove their batteries to switch off their devices, if they're concerned it may be infected, or install AVG's mobile antivirus product that can detect if malware is running.

Last year the Selfmite worm was uncovered that, like PowerOffHijack, could control devices without the user knowing, sending out SMS messages and - in some cases - extracted money from Android users.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Citrix mulling potential sale after tumultuous 2021
mergers and acquisitions

Citrix mulling potential sale after tumultuous 2021

15 Sep 2021
Hackers develop Linux port of Cobalt Strike for new attacks
Security

Hackers develop Linux port of Cobalt Strike for new attacks

14 Sep 2021