Malware Pretends to Shut Your Phone Down, Then Steals Your Data

Discussion in 'Android News' started by Jeffrey, Feb 21, 2015.

  1. Jeffrey

    AVG, the internet security firm, has announced the discovery of a new piece of malware that is targeting Android smartphones.

    The malware, known as the PowerOffHijack, hijacks the shutdown process, making it appear that your rooted device has turned off. The device is not off. It just looks as if it is. Now, the malware starts stealing data.

    Based on the way the malware operates, it's unlikely that users will be aware that the malware has infected their device. When powering down, users are presented with their regular shutdown animation, which makes it look as if the device is about to shut down as normal.

    AVG states that the malware originated in China, where it is thought to have infected more than 10,000 devices.

    For more info, head over to AVG where they posted snippets of the actual code.
     
  2. 94lt1

    I'll never look at shut downs or forced reboots the same way lol
     
    • Like x 2
  3. dezymond

    So the only sure way to turn off one's phone is to do a battery pull now huh.... (Yeah I can be paranoid)
     
  4. pc747

    Except those of us without removable batteries are stuck.
     
    • Like x 1
  5. FoxKat

    No, not true. There is no way to bypass the full hard shut down done by holding power and volume down for ten seconds.

    It is a full hardware process and is completely dependent on the button combination to initiate a hardware countdown to a full power interrupt.

    Sent from my Droid Turbo on Tapatalk.
     
    #5 FoxKat, Feb 21, 2015
    Last edited: Feb 23, 2015
    • Like x 2
  6. Jeffrey

    Install AVG. Better safe than sorry.
     
    • Like x 1
  7. drtnsnw

    Except the only way to get this is to be rooted, and download some very sketchy Chinese apps from a 3rd party app store! Funny how AVG declined to tell you that.

    Chris
     
  8. Jeffrey

    I believe they did disclose it. Check the link above.
     
    • Like x 1
  9. FoxKat

    From the AVG site as per the link;

    "First seen in China, the malware spreads through Chinese app stores with around 10,000 devices infected so far.

    The malware affects versions of Android older than v.5 (Lollipop) and requires root permission to hijack the shut down process."

    And;

    "Analysing the malware

    First, it applies for the root permission.

    Second, after root permission is acquired, the malware will inject the system_server process and hook the mWindowManagerFuncs object."

    Sent from my Droid Turbo on Tapatalk.
     
    • Like x 1
  10. killer428

    This happened to me the other day with my Razr Maxx HD and all I did was what FoxKat said: hold down the Off/On button & Volume down, and the phone rebooted just fine. Has not shut down since.
     
    • Like x 1
  11. grenefroggie

    It can be avoided by not installing sketchy 3rd party apps. While the Play Store has had its fair share of infected apps, it is usually a pretty safe bet to get your apps from there.
     
    • Agree x 2