PowerOffHijack – Android Malware Can Spy On You Even When Your Mobile Is Off

The people at TheHackerNews.com wrote a article on a new attack against Android devices that tricks users into believing they have powered off their device so they can spy on them. The original post can be found HERE.

Security researchers have unearthed a new Android Trojan that tricks victims into believing they have switched their device off while it continues “spying” on the users’ activities in the background. So, next time be very sure while you turn off your Android smartphones.

The new Android malware threat, dubbed PowerOffHijack, has been spotted and analyzed by the researchers at the security firm AVG. PowerOffHijack because the nasty malware has a very unique feature – it hijacks the shutdown process of user’s mobile phone.
When users presses the power button on their device, a fake dialog box is shown. The malware mimics the shutdown animation and the device appears to be off, but actually remains on, giving the malicious program freedom to move around on the device and steal data.

“After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on,” AVG’s mobile malware research team explained in a blog post. “While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.”


Once installed, the malware asks for root-level permissions and tampers with the ‘system_server‘ file of the operating system to affect the shutdown process. The malware particularly hijacks themWindowManagerFuncs interface, so that it can display a fake shutdown dialog box and animation every time the victim presses the power button.
The nasty malware is apparently being propagated via third-party online app stores, but the researchers haven’t mentioned the names of the the innocent-looking apps, also they haven’t explained how the malware gains the root access of the device. The code shown by AVG appears to contact Chinese services.
According to the company, PowerOffHijack malware infects devices running Android versions below 5.0 (Lollipop) and requires root access to perform the tasks.
So far, PowerOffHijack malware has already infected more than 10,000 devices, mostly in China where the malware was first introduced and offered through the local, official app stores.
PowerOffHijack malware has ability to silently send lots of premium-rate text messages, make calls to expensive overseas numbers, take photos and perform many other tasks even if the phone is supposedly switched off.
In order to get rid of PowerOffHijack malware, users are advised to take some simple steps:

  • To restart infected device manually just take out the battery.
  • Remove malicious, untrusted and useless apps from your Android device.
  • Do not install apps from 3rd Party app stores.
  • Make sure you have a good anti-virus installed and updated on your mobile devices. AVG antivirus product can detect PowerOffHijack malware.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.