Android device shutdown hijacking software appears in China

Android device shutdown hijacking software appears in China

[[127995]]

Antivirus company AVG recently discovered an Android malware called "PowerOffHijack" that works in a unique way: it hijacks the shutdown process. PowerOffHijack makes your phone look like it is turned off, and then snoops on your phone.

In other words, when you press the power off button, your device does not actually shut down. Although you still see the shutdown screen and the screen turns black, your phone or tablet is actually on.

When your Android device is in this state, PowerOffHijack will make phone calls, take photos, and "perform other tasks without the user's knowledge."

Here’s how this Android malware hijacks your computer:

First, it gains root privileges.

Then, after gaining root privileges, the malware injects itself into the system_server process and hijacks the mWindowManagerFuncs object.

Then, when you press the power button, a fake dialog box will appear. If you choose to shut down, it will show a fake shutdown screen with the screen off but the phone on.

Finally, in order to make your phone look like it is really turned off, some system broadcast services are also hijacked.

Here is the code for PowerOffHijack to record the call:

Here is the code that PowerOffHijack uses to send a private message:

While AVG has published numerous reports describing how PowerOffHijack hijacks the shutdown process, there is little information about the software itself. AVG did not explain how they discovered the malware, nor how it got onto Android devices. The fact that the software requires root access means it won't just access your phone while you're browsing the web.

Most Android malware enters Android devices when users install suspicious apps from third-party app stores.

"We found that this malware targets Android systems below 5.0, it requires root privileges, and so far we have found about 10,000 devices infected, mostly in China because it first appeared in China. We see it spreading in the Chinese app market," an AVG spokesperson told reporters.

<<:  Apple releases second beta of iOS 8.3 to developers

>>:  Cortana UI is like this now, why don’t you chat with it?

Recommend

Tmall Super Brand Day: A marketing revolution that turns joint marketing into IP

Recently, I was impressed by Tmall’s “coolness” a...

Working on big data every day, where do you spend your time?

After working in big data for so many years, have...

Mother's Day poster copywriting collection!

On Mother's Day , We are all calling for mate...

Google Photos app can still automatically back up after uninstallation

David Arnott , editor of the Nashville Business J...

What? Can the verification code I fill in every day be used for charity?

CAPTCHA is a security mechanism widely used in we...

Why do you try so hard to keep up with the latest trends?

Chasing hot topics is something that operators of...

How to use heap and stack in iOS

Both heap and stack are data structures where dat...

How to quantify and analyze the effectiveness of operational activities

I believe that for many analysts who are just sta...

There are 4 signs after infection, the virus may have invaded your lungs

White lung is a verbal concept in imaging, used t...

How scary is the "Black Widow" seized by customs?

Recently, the Xiamen Customs in Fujian intercepte...