According to digital forensics company Rick Crouch & Associates, the phone virus, or malware – called PowerOffHijack – presents a fake dialogue box that prompts the user to shut down when the power button is pressed.

The phone virus then takes over the phone’s shutdown process, mimicking the standard procedure and animation to make it appear as though the phone has been turned off.

In reality, the device remains on even though the screen goes black

While the phone is in this state of perceived stasis, the malware can go to work. PowerOffHijack can access sensitive information and exploit the phone’s basic functions, making calls, accessing the camera, and sending text messages.

AVG first discovered PowerOffHijack in China

The firm reports that the malware has infected upwards of 10 000 devices worldwide. Other than the fact that it targets Android devices running 5.0 Lollipop, the latest major version of Google’s mobile OS, details about the bug are scarce.

Subscribe to our Free Daily All4Women Newsletter to enter

AVG was also able to determine that the malware required root permissions to run, meaning that normal mobile web-browsing behaviour is unlikely to open the door for it. The Google Play Store regularly weeds out malicious content, so it is unlikely that an approved app is PowerOffHijack’s attack vector.


For those concerned that their device may be affected or at risk, contact Rick Crouch & Associates