Malware creators are getting increasingly clever with their creations. The latest example comes in the form of the “PowerOffHijack” malware, which can hijack the power-off feature of an Android smartphone and continue operating in stealth mode after the phone has apparently been shut down.
The malware was discovered and analyzed by the AVG mobile security team and reported on in a recent blog post. “After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on. While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.”
The malware can only function properly on Android phones that have been “rooted” (meaning the phone was cracked to allow the highest level of access), as it needs access to protected system functions. Once it gains root privileges, the malware injects malicious code into the ShutDownThread.shutdown process, thus intercepting the shutdown process and replacing the original dialog window with a fake one. If you tap the option to turn off your phone from the selection menu, the phone will display the official shutdown animation, followed by an apparent power-off of the device. At this point, however, the device is still on, connected to the network and ready to spy. Some functions, such as ringing, ability to turn the screen off, and the LED light, have been disabled in order to not “blow the cover.”
Among other things, the spyware has the ability to:
- Record phone calls
- Intercept private messages
- Take pictures
The lesson we can take from all this? If you need 100% privacy, you have to take the battery out of your phone every time.