The shutdown hijacked malware broke out in China, such as automated call and take photos

note: hunting cloud open nature of android mobile platform safety concerns have been broken, maker of a hacker or virus to steal user information. Even phone cases, part of the virus can still to spy on the phone. The following content from TechWeb

AVG anti-virus software company recently discovered called “PowerOffHijack (shutdown hijacked)” android malicious software, the software works very special: it will hijack the shutdown process. PowerOffHijack let your phone looks like has just been turned off, and then to spy on your phone.

in other words, when you press the shutdown button, your device does not do to turn it off. Although you can still see off screen, the screen will turn black, but your mobile phone or tablet is open.

when your android device is in this state, PowerOffHijack will make a phone call, take pictures, “in the user unwittingly to perform other tasks.”

here is the android malware hijacked way:

in the first place, it will get root permissions.

and then, after get the root access, the malware will inject system_server processes, hijacked mWindowManagerFuncs object.

and then, when you press the power button, there will be a fake dialog box, if you choose to shut down, it will show off false images, shut down the screen, but his cell phone was on.

in the end, in order to make your phone look like really shut down, some system broadcasting services will also be hijacked.

is PowerOffHijack recording phone code below:


 new android virus appeared: after shutdown can still be candid and call

here are PowerOffHijack send private information code:


 new android virus appeared: after shutdown can still be candid and call

although AVG issued a large number of reports describing the PowerOffHijack hijacked the shutdown process, but little information about the software itself. AVG did not say how they found the malicious software, also did not explain how the software into the android devices. This software need root authority that you won’t be in it into your mobile phone while browsing the web.

most android malware is in the user from a third party app store installed the suspicious when applied into the android devices.

AVG spokesman told reporters, “we found that the malware in target is below the Android 5.0 system, it need root permission, so far we found about ten thousand devices are infected, most occurred in China, because it first appeared in China. We see it is spread application market in China.