back to article Android malware hijacks power button, empties wallet while you sleep

Security biz AVG has spotted an outbreak of a new kind of Android malware that will come alive even when the phone is supposedly switched off. The software nasty is able to do this by hijacking the mobe's power-off sequence. Android malware No shutdown for you! Part of the Android shutdown sequence "After pressing the …

  1. Anonymous Coward
    Anonymous Coward


    So an app that's granted root permissions can cause havoc. Is this news?

    1. Mr.Mischief

      Re: Surprise?

      Yeah. How the heck does an app get root permissions?

      I guess you would have had to

      1) Root the phone

      2) Install the app

      3) Blindly give the app root permissions when it asks for it

      Doesnt impact the huge percentage of unrooted phones then does it?

      1. Tom 35

        Re: Surprise?

        So the little bit of info you forgot to tell us is that it only works on those cheap google free china phones where people install there apps from random sites, or people who have rooted their phone and install apps from random sites.

        1. Anonymous Coward

          Re: Surprise?

          Thanks to Windows there are quite a few people with that mindset, however.

          1. Ragarath

            Re: Surprise?

            Thanks to Windows there are quite a few people with that mindset, however.

            Also thanks to Windows, those "quite a few" probably don't have the know-how to root their phones as they made it easy to use a computer. Quite a conundrum huh?

      2. Kevin McMurtrie Silver badge

        Re: Surprise?

        Granting temporary root permission is unfortunately too streamlined. Put up dialog box with a "Continue" button. Wait two seconds. Ask for root. Finger taps "Allow." You could probably improve timing using the camera, gyros, or touchscreen diagnostics to detect motions immediately preceding a touch. A countermeasure could be granting root permission using a gesture that's easy to abort.

  2. Anonymous Coward
    Anonymous Coward

    Let me know

    When something like this sneaks into the Google Play store.

    1. Captain DaFt

      Re: Let me know

      "Let me know When something like this sneaks into the Google Play store."

      And it'll definitely be 'when' and not 'if', if not 'already'.

      1. Stuart 22 Silver badge

        Re: Let me know

        1. Ok so I'm running 5.0 so no current threat. But when they crack that. ..

        2. They have to get the app recommended to me by a trusted source. But when...

        3. They have to get it both into Play Store (not difficult?) and keep it there (more difficult). But when...

        4. Get over my obsessive hangup about permissions. But when...

        5. They can rip me off for all of £2 being my Tesco Mobile cap.

        Yes its bad but not bad enough to lose sleep over. YMMV.

  3. Dave 126 Silver badge

    >taking the battery out of your phone – aka the engineer’s reset – is the only way to be sure. >Unfortunately, that’s not an option on many phones these days.

    Start the phone running a GPU benchmark utility and then put it in a metal box. The battery won't last forever.

  4. Andrew Jones 2

    Some phones don't have removable batteries - they do however have press and hold power button for 8-10 seconds. The Malware can't override that.......

  5. MichaelMorrissey

    There is a big problem with malware on Android. Android users tend to be from the third world so are less likely to be able to pay for apps so get dodgy versions that often have malware. Its why Google Play apps are much lower quality than Apples apps because its so hard to Android developers to make any money. Those that do write Android apps tend to be 'just having a go' type developers who like the idea of being an app developer even though they make no money from it.

    1. Nick Ryan Silver badge

      re: @MichaelMorrissey

      Thanks for registering just to write unsubstantiated almost-racist rubbish.

      Android users tend to be from "the third world"? Hardly: many android (and winphone) devices are often the same price or more than the apple equivalents. This doesn't equate with them being used by "poor people".

      For some reference statistics, which you will doubtless enjoy manipulating and misreading to give whatever picture you want: smartphone % penetration by country..

      Back to your "third world" angle: Here's a breakdown of the US's smartphones by OS. Unless you are going to now state that the USians are in fact living in a third world country, would you care to explain this?

      Relating back into the first stats, here's one showing worldwide market share..

      While it is interesting to note that the US has a more balanced split of Apple vs Android in it's market, the US is only 13th in overall smartphone penetration. Some "third world" countries such as Spain and Germany have rather higher OS splits in favour of Android compared to Apple.

      One point to note is that in the developing markets the price paid for handsets is less than in the developed markets. This necessarily skews the market split away from Apple as other than 2nd hand or older devices, most Apple phones are priced out of the reasonable disposable income price range - food, heating, clothes, education or mobile phone? WinPhone devices are making reasonable inroads into these price constrained markets but nothing compared to feature phones and to a lesser extent "landfill" android phones. It's these phones that will be targetted by this kind of exploit, they are often unsupported, never updated by their manufacturer and often too costly for an end user to even consider the data bandwidth to peform an update and often as a result they have access to local app stores and not Google Play. However this does not mean that an app that requires Root access will work as even the landfill devices don't come with root access as standard.

      Basically, it's a security scare story from an advertiser that's sole reason for existing is to sell security products.

      (EDIT: some of the links may not work as the damn stat site sometimes arbitrarily requires a signin to view the stats. sorry).

  6. Peter Ford

    Name and shame

    Why won't AVG mention any names?

    Surely their business model is not to make sure everyone gets infected by these types of app so we all have to buy their AV software...

  7. Anonymous Coward
    Anonymous Coward

    LOL, Android is swiss cheese.

    1. Dr. Mouse

      LOL, Android is swiss cheese if you poke it full of holes and don't know what you are doing! Just like any device where a user disables all the security measures and blindly clicks OK to any dialogue box that happens to appear!


    2. JoshS

      Wow, quite an ugly bit of malware.

      Much worse than Google's spyware android itself.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021