Trend Micro Threat Resource Center

16 March 2015

Malicious Android App Fakes Shutdown and Allows Bad Guys to Take Control

Is this thing on?


Unless you have your Android device in one hand and its battery in the other, you might not be sure whether it's turned off. An Android Trojan app called PowerOffHijack, which originated from Chinese app stores, was found tricking users into believing that their devices were turned off when they were actually still powered on.

Digging into the issue, Trend Micro researchers found that an app believed to be an earlier version of PowerOffHijack appeared as early as September 2014. The app, named AndroidFramework (detected as AndroidOS_AndFraspy.HAT), disguised itself as a Google service with the package name com.google.progress.

Fake Shutdown Routines
As mobile device users are aware, pressing the power button can result in two things. Tapping the button will turn off the screen, while holding it down will cause it to prompt with device options that include shutting the phone down.

The AndroidFramework malware was designed to perform its malicious operations in the background after you press the power button and the screen goes black.

The PowerOffHijack version, on the other hand, was made to keep running in the background even after you hold the power button down and choose to turn the device off. It even displays the Android shutdown animation to make you believe that your device is shutting down. At this stage, the malware can still make phone calls, send SMS messages, take photos, and perform other malicious routines without user consent.

Both of these malware apps were found in third-party app stores outside of Google Play, and both require a rooted device to run.

PowerOffHijack reportedly works on devices running Android versions older than 5.0 (Lollipop). It is said to have originated from third-party Chinese app stores, which explains why most of the roughly 10,000 affected devices are in China.

How to Get Rid of AndroidFramework and PowerOffHijack
It was previously suggested that users can only be truly safe from the PowerOffHijack threat if they remove their devices' batteries. However, this is not practical for the many users who need to keep using their devices, nor for devices whose batteries cannot be easily removed.