Android Security

New Android Trojan Fakes Device Shut Down, Spies On Users

An anonymous reader writes: A new Android Trojan that tricks users into believing they have shut their device down while it continues working, and is able to silently make calls, send messages, take photos and perform many other tasks, has been discovered and analyzed by AVG researchers. They dubbed it, and AVG's security solutions detect it as PowerOffHijack.
This discussion has been archived. No new comments can be posted.

  • by sbrown7792 ( 2027476 ) on Thursday February 19, 2015 @12:36PM (#49088149)
    Issue closed by NSA
    • This sounds much more like something the Chinese government would do, although they would simply force the manufacturer to do it, not trick people with fake apps.
      • I would say that's a good guess, though the NSA has had some of their nefarious methods of spying exposed lately as well.
      • by ShanghaiBill ( 739463 ) on Thursday February 19, 2015 @01:37PM (#49088667)

        This sounds much more like something the Chinese government would do

        It sounds more like something an anti-virus company like AVG would make up to get publicity and boost sales. If this was something real, they should name the app (they don't) and/or describe a plausible mechanism. An Android app can detect a hard power down (so that it can save data or whatever) but it cannot stop or delay it. So the only way it could work is to trick the user into releasing the power button too early.

        • exactly. this little detail ...

          That's because the malware, after having previously obtained root access

          the app has to have root to work. how did it get root? my guess is that it's an app that masquerades as an app that requires root, and it fools the user into granting root privs to the app. if that's what happened, the users deserve their fate.

          • All you have to do is get it integrated into whatever tools someone uses to root their phone and it's installed.
          • The Android permissions system is broken. When you see the list of permissions an app claims it needs, you don't know what it's going to do with those permissions. You're expecting people to look over a list and figure out whether everything looks reasonable for any use of the permissions in that app in an unknown context. I can't look at such a list and be confident with it, and I know a lot more about this stuff than most people.

            I much prefer the iOS system, which asks permission for specific action

        • I keep a set of cheap amplified speakers on my desk. It's the kind with a tattletale buzz when a cell phone is too close. It's hard to be stealthy in a field full of bushes full of bells.

        • works-as-intended.
      • by Bonzoli ( 932939 )
        I'm assuming this only gets in a phone if it's jailbroken/rooted and you're downloading illegally obtained crap to the phone. My bet is Government made, but which one has the most to gain from it?
        Is it an Ad for AVG?
        The other Ad, chances of catching this approaches 0 if you don't screw the security on your device up?
  • This is why..... (Score:5, Insightful)

    by TheCarp ( 96830 ) on Thursday February 19, 2015 @12:37PM (#49088157)

    If you really need privacy, you pull the phone battery....and if you might need privacy, you don't buy a phone that can't have its battery pulled.

    Not really any solutions, as long as people are walking around with what amount to wireless microphones in their pockets this will always be a potential problem.

    • by Iamthecheese ( 1264298 ) on Thursday February 19, 2015 @12:39PM (#49088189)
      Requiring an action as inconvenient as partially dismantling the device in order to not experience undesired operation is a piss-poor design.
      • by Anonymous Coward
        Good to know you don't need a cell phone of any kind since, well... you know. Any cell phone, smart or dumb, can be activated at any time by anyone with the tools necessary and used as a listening device. This tends to be done during civilian orientation on Military bases as a demonstration of why cell phones are not permitted in designated secure areas, no exceptions.
      • by TheCarp ( 96830 )

        In theory I agree, in practice, this requirement is imposed by the intersection of the other stated requirement "privacy" and the necessary capabilities of the device known as a "smart phone".

        You can't really have a device that does what a smart phone does and isn't a privacy risk without some sort of hard power disconnect.

        You could, otoh, leave the phone in another room, or lock it inside a soundproof box. There are many solutions but none of them involve "hit the soft off switch and put it in your pocket

    • by Anonymous Coward

      The article wasn't very clear, but most phones have a hard shutdown that works almost the same as a battery pull if you hold the power button for 10-20 seconds that would most likely bypass anything like this virus.

      Still inconvenient and untrustworthy. I really wish physical buttons that physically disconnect parts of devices would make a comeback. I would love to be able to flip a switch and know for certain that my camera/microphone were off, or to disconnect power rather than opening my phone and pulli

      • Components with moving parts cost money. This is why having a touchscreen quickly leads to having only a touchscreen.

        Not disagreeing with you, BTW. If you want to form a club for the preservation of actual controls you can feel (along the lines of CAMRA) sign me up as member 2.

      • The problem with a Big Red Button on a phone is that it will be pushed by accident. My desktop sits there, with the front panel controls out of easy reach, and the cats don't try to get too friendly with it, so a BRB is just fine. My phone sits in my pocket all day, and I touch various parts of it as I pull it out, use it, drop it and try to catch it, take something else out of that pocket, whatever. I don't want to have my phone turn off when I don't want it to. I don't want to be able to touch someth

    • by thieh ( 3654731 )
      If you need privacy, you don't buy a phone. Do all your talking in person. Actually, do everything in person.
    • Androids tend to have removable batteries. iPhones don't.
      Androids have this malware. iPhones don't.

      • by tepples ( 727027 )

        Android devices that have not been rooted do not have this malware. You can't catch it just by turning on "Unknown sources".

        • by suutar ( 1860506 )

          I thought "unknown sources" was enough to allow third party app stores (assuming that it hasn't actually reached Google Play yet), from reading this. Am I mistaken?

          • You are not mistaken.

            However, this virus apparently and logically also needs root access. Unknown sources does not grant it that. Rooting your phone does.

            It needs both to work.

            • by TheCarp ( 96830 )

              This is one of the things that pisses me off about droids as well. I bought the fucking hardware, it's my phone. If I break it, I buy a new one. So why don't I have access to the root account? I don't want to run everything as root, but I shouldn't need an exploit to get it and run apps that need it.

              And maybe, if they designed with that access in mind, and didn't make people use exploits to get root access....maybe if they stopped treating it like hardware I was borrowing instead of buying we could have mechan

              • I actually agree with some of the sentiment of the manufacturers. Most users can't handle root so you shouldn't give it to them. Manufacturers can't just work with nerds who can handle it. Ordinary users will mess things up and complain to the manufacturer about it.
                However it should be a setting like "unknown sources" where those that choose it can activate it. At their own risk of course.

    • by Anonymous Coward

      If you really need privacy, you pull the phone battery....and if you might need privacy, you don't buy a phone that can't have its battery pulled.

      Not really any solutions, as long as people are walking around with what amount to wireless microphones in their pockets this will always be a potential problem.

      Or at the very least, don't run any apps outside of the designated ecosystem that at least have provisions to theoretically mitigate malware like this. It's really the equivalent of downloading random installers from torrent links on the pirate bay, and then going "oh shit windows is so insecure!" when you get hacked and your banking passwords get stolen.

  • WTF? (Score:4, Funny)

    by gstoddart ( 321705 ) on Thursday February 19, 2015 @12:42PM (#49088207)

    Why is it so damned easy for malware to get root access, and so damned annoying for me to get it?

    And, quite honestly, by how annoying and intrusive AVG was becoming when I got away from it ... do we have another source which confirms this?

    I'm just not sure I trust them to be quite honest.

    • by fisted ( 2295862 )
      Wait since when is rooting an android device difficult? What model are we talking about?
      • Look, if I want to build my fucking phone in a kit ... well, actually, I don't want to build my phone in a kit, which is my damned point.

        So first I need to find an exploit for my phone, hope it works, hope it has no chance of bricking my phone (which no matter what anybody says is non-zero), then I need to download a ROM, then I need to recreate all the functionality I need, and then I need to hope it works. Then I need to do who knows what to keep it running.

        Sorry, but no.

        I've looked into rooting both my

        • It all comes to your choice in phones and if they have a locked boot loader (or an unlockable one) or not. Phones without one like Nexus devices, Google Play Editions, or my personal favorite the Moto X Developer Edition are simple to root and don't even require ROMing. My Verizon Moto X Dev has even stayed rooted through 3 Over The Air updates without having to do anything special.

        • by fisted ( 2295862 )
          Okay, so instead of answering my genuine question you prefer to go on a rant demonstrating how you're confusing rooting with installing a custom ROM. Fucking useless.
        • I've looked into rooting both my phone, and my tablet ... and both of them sound like they're a lot more nuisance than it's worth.

          having a custom ROM and rooting are orthogonal. i have a Nexus 10 that's rooted but's running the stock firmware and continues to get OTA updates. that being said, you are mostly right about running a custom ROM. the result is a loss of an hour of your life and a device that's almost always less stable.

    • Re:WTF? (Score:5, Informative)

      by AmiMoJo ( 196126 ) on Thursday February 19, 2015 @02:12PM (#49089031)

      There is nothing to see here. The malware doesn't get root. It's just a normal app that simulates shutdown, like those lame joke apps we used to write back in the day that mimic the DOS format command output or Netware login screen. The user has to be simultaneously knowledgeable enough to enable app installation from sources other than Play and extremely dumb to install an app requiring so many permissions and from a dubious source.

      The malware doesn't do anything a normal app can't. No exploits, it just makes the screen completely black and starts sending text messages (which the user gave it permission to do), while hoping you don't press the home key and discover the ruse.

    • Why is it so damned easy for malware to get root access, and so damned annoying for me to get it?

      In this case, the phone must already be rooted, and the user must be willing to grant root permission to the application. In other words, this is essentially a surveillance app for your spouse/girlfriend/boyfriend/children, where you must have physical access to their device for you to be able to install the trojan.

      After all, why else would the AVG vendor not give us the name of the app?? And why else does the AVG vendor vaguely say that the app "applies for the root permission" when it goes down to the ab

  • You may save a few bucks using pirated software but you'd better stay with the original Play store even if it costs you some dollars to register your app and at least you make a developer happy for his job

    • by slaker ( 53818 )

      Some Android devices don't have licensed access to the Play Store, including anything that runs FireOS and tits-knows how many generic devices that somehow manage to get random retail distribution. You can tell people "Don't buy those things." but what do you say to the people who already own them?
      In some cases (e.g. Firefox), an APK will be available from the developer, but because of the way Android works, there's every possibility that even a random developer's packaging (e.g. Pushbullet) will rely on Go

  • by JeffOwl ( 2858633 ) on Thursday February 19, 2015 @12:52PM (#49088297)
    This capability predates Android and was used against feature phones quite a number of years ago. The countermeasure then, as it is now, is to leave your phone elsewhere or pull the battery if you really need to be sure you aren't being monitored.
    • Of course that's been countered by the fact they won't let you pull the friggin battery anymore.

    • At about the peak of analog phones, most would have a dumb message on the screen, usually the maker's name or the carrier name. You could often change this message but almost nobody did, but the displays were so primitive that informational messages usually appeared in the same place and type, like "NO SERVICE".

      The fun thing to do was to change the message from "Airtouch Cellular" to "NO SERVICE" and enjoy the hilarity when people picked up their phone and wondered why it wasn't working.

      Yes, most phones sho

  • should've been the name they gave it.
  • As the article states, it needs root to do it.

    And it does not say how you get it.

    So it's some code that needs root access to mess with your phone.
    So you probably just need to root your phone. And install an app that you have downloaded from some suspected webpage.
    So is it a Trojan or just a feature from a rogue app/programmer?

    Do not root your phone if you do not have any idea what you are doing and installing apps from everywhere that you find.

  • ... right up to the point where my GSM phone makes one of these 'background calls' and every nearby radio starts squawking and buzzing.

  • by farble1670 ( 803356 ) on Thursday February 19, 2015 @04:23PM (#49090349)

    That's because the malware, after having previously obtained root access

    how did it get root? either the device was rooted and the user granted the app root privs (duh!), or they've discovered a hack to gain root on non-rooted devices. if it was the latter, we'd be hearing a lot more about it, and faking a phone shutdown is the least of our concerns.

  • These things always happen to people who are using 3rd party app stores, besides f-droid (which only has open source android apps), what could the possible reason be to use 3rd party app stores? what apps are on there that you can't find on the play store?
