Pierluigi Paganini February 20, 2015

Security researchers at AVG have discovered a new Android malware dubbed PowerOffHijack, which spies on users even when mobile is switched off.

Security researchers at AVG have discovered a new strain of Android malware which is able to spy on mobile users even when their mobile is off.

The malware could be used to control victim’s mobile device, the malicious software is able of making calls, sending out SMS and controlling cameras event when the phone is switched off.

The Android malware identified by the experts could operate even if the mobile device is off because it is able to hijack the shutting down process of the mobile device. In reality, the malware simulates the switch off deceiving the user, for this reason the experts called the malicious  PowerOffHijack.

“This malware hijacks the shutting down process of your mobile, so when the user turns the power off button to shut down their mobile, it doesn’t really shut down. After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on.” is reported in a blog post published by AVG.

When the user presses the phone’s power button to switch off, the malware only makes it look like the device has stopped operating. PowerOffHijack is able to infect only mobile devices running Android versions below 5.0, the researchers estimated that nearly 10,000 devices have been already infected by the malware. The majority of PowerOffHijack infections was observed in China, where they started when the malware was distributed through the local official Android app stores.

The only way to be 100 percent sure that a mobile phone was really switched off, users have to remove its battery.

Pierluigi Paganini

(Security Affairs –  Android, PowerOffHijack malware)