AVG Detects Malware That Spies On You When Your Android Device Is Shut Down
The well-known cybersecurity firm AVG has discovered new malware targeting devices running Android. The malware is said to take over the shutdown process of Android-powered smartphones and tablets to perform malicious activities.
The malware, dubbed PowerOffHijack, makes the device appear to be turned off when it actually isn't. It mimics the shutdown behavior of the device, turning off the screen, and can then spy on the user's activities.
Users will see the shutdown animation and all the other behavior an Android smartphone shows before shutting down, but the device will not actually shut down. While the screen will be off, just as it is when the smartphone is powered off, the malware will be able to initiate outgoing calls, take photos or perform many other tasks without notifying the user.
In its blog post, AVG explained the sequence of functions that are called when you press the power button on your device. One of these is showGlobalActionsDialog, which shows the prompt asking whether you want to power off, reboot and so on. After acquiring root permission, the malware injects its code into the functions called during the shutdown process.
Once it has successfully injected the code, it displays a fake prompt asking you to shut down and a fake animation to mimic the shutdown process. It also turns off some services in order to do its work successfully. As a result, the screen is turned off and your device appears to be powered off, but the malware is spying on you in the background.
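Because an infected device only appears to be off, activity recorded between a shutdown and the next boot is a sign of a faked power-off. The following Python sketch is an added example, not code from AVG or from the original article; the telemetry format, event names and device names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry. Assumed format: "<ISO time> <device> <event>".
SAMPLE_EVENTS = """\
2015-02-18T21:00:05 dev-a SHUTDOWN
2015-02-18T21:03:40 dev-a OUTGOING_CALL
2015-02-18T21:04:10 dev-a CAMERA_CAPTURE
2015-02-19T07:30:00 dev-a BOOT_COMPLETED
2015-02-19T07:31:12 dev-a OUTGOING_CALL
2015-02-18T22:15:00 dev-b SHUTDOWN
2015-02-19T06:45:00 dev-b BOOT_COMPLETED
2015-02-19T06:50:00 dev-b CAMERA_CAPTURE
"""

def find_post_shutdown_activity(log_text):
    """Return {device: [(timestamp, event), ...]} for every event seen
    after a SHUTDOWN and before the next BOOT_COMPLETED."""
    per_device = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        per_device[parts[1]].append((ts, parts[2]))

    findings = {}
    for device, events in per_device.items():
        powered_off = False
        # Sort so that out-of-order log delivery does not hide a finding.
        for ts, event in sorted(events):
            if event == "SHUTDOWN":
                powered_off = True
            elif event == "BOOT_COMPLETED":
                powered_off = False
            elif powered_off:
                # A device that is really off cannot place calls or take photos.
                findings.setdefault(device, []).append((ts, event))
    return findings

if __name__ == "__main__":
    for device, hits in find_post_shutdown_activity(SAMPLE_EVENTS).items():
        for ts, event in hits:
            print(f"{device}: {event} at {ts.isoformat()} while reported powered off")
```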
AVG has not explained how the company detected the malware. But it has said that the malware targets devices running Android versions below Lollipop, which account for more than 90 percent of all Android devices.
The malware was first detected in China, where it originated in Chinese app stores. According to AVG, around 10,000 devices have been infected so far.
“We see it being spread in the app market in China and it’s being offered through official app stores in that market,” an AVG spokesperson told VentureBeat.
Note that these app stores are not Google Play, as Google’s app store is not available in China.
The only remedy recommended by AVG until a security patch is issued is to take the battery out if you want to power your device off. In addition, users are advised to keep an eye on the apps offered through these app stores, as they carry malware other than PowerOffHijack as well.
The Android ecosystem keeps facing security issues every once in a while. Last year, an exploit in its WiFi mechanism was used to leak the location history of the user.
The question that arises here: Does the open-source nature of software make it more secure or more vulnerable?