Android malware fakes phone shutdown then steals data

Uploaded on 2015-02-24 in NEWS-Cybersecurity News, FREE TO VIEW

Next time you turn off your Android phone, you might want take the battery out just to be certain. Security vendor AVG has spotted a malicious program that fakes the sequence a user sees when they shut off their phone, giving it freedom to move around on the device and steal data.

When someone presses the power button on a device, a fake dialog box is shown. The malware then mimics the shutdown animation and appears to be off, AVG's mobile malware research team said in a blog post.

"Although the screen is black, it is still on," they said. "While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user."

The malware requires an Android device to be "rooted," or modified to allow deep access to its software. That may eliminate a lot of Android owners who don't modify their phones. This malware is unlikely to show up in Google's Play Store, since Google tries to block applications that have malicious functions. But it could be a candidate for one of the many third-party app stores with looser restrictions.   computerworld

« Cyber Soldiers: UK Announces Creation Of The 77th Battalion
Who Are The Most Notorious Hacking Groups? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

Arsenal Recon

Arsenal Recon

Arsenal Recon are digital forensics experts, providing consultancy services and powerful software tools to improve the analysis of electronic evidence.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Parameter Security

Parameter Security

Parameter Security is a provider of ethical hacking and information security services.

Lifetech

Lifetech

Lifetech is a software development, product engineering and system integration company. Cybersecurity services include SIEM deployment and training.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.