Android Malware Only Pretends to Turn Off Phones

Android device owners know that popularity has its price: The most popular mobile OS is also the one most frequently targeted by malware. Still, at least malware can't target your phone when it's turned off — or so it seemed, until now. A nasty new hijack tricks users of rooted phones into thinking that their phones are powered off, then goes to work with surveillance and texting scams.

Amsterdam-based security company AVG released a blog post about the sneaky malware, which has no specific name. The way it functions is fairly ingenious. When a user turns off a phone, the malware shows an animation of the shutdown process, turns the screen off and begins exploiting the device.

At a bare minimum, AVG demonstrated that the malware can record phone calls and send text messages without the user's permission. Before installation, the malware requests access to a phone's root permissions, which of course can be granted only on rooted phones.

With root permissions, the malware could theoretically perform almost any action for which a hacker could devise a script. Subscribing to expensive texting scams or lifting financial information are tried-and-true methods of attack, and this malware could probably accomplish both of those feats.

AVG points out that the root-access request is actually good news, as it means the malware cannot install without user permission. The bad news is that malware often piggybacks on legitimate-sounding apps, so users think they're installing, for example, a card game or a horoscope app instead of a phone-hijacking monstrosity.

The easiest way to avoid contracting malware like this is to think very carefully if an app asks for permissions well in excess of what it really needs — no game needs root access to run.

At present, AVG estimates that the malware is present on about 10,000 devices, mostly in China. Devices running Android 5.0 Lollipop appear to be immune, and a good Android antimalware suite (like AVG's) will get rid of it.

Marshall Honorof is a Staff Writer for Tom's Guide.