Power Off Hijack | Forensic 101

Published: 30 January 2017
on channel: Forensic 101

Everyone and everything is online now. We live our lives online, we chat online, we shop online and we even learn online. Our finances have shifted online too, especially post demonetisation. The government is striving to make our economy digital. Digital India is their goal. It sounds well and good. A digital economy will mean fewer cash frauds, easier transactions and a significant decrease in the flow of black money.
However, going digital isn’t really the safest bet. Hacking and online attacks are an everyday phenomenon. Online fraud, identity theft and even online robberies happen all around the world on a daily basis. This is one of the main reasons we need to educate people and take digital forensics seriously.
We at Forensic 101 create videos on the digital frauds and hacks that take place in day-to-day life, hence educating people and making the internet a safe place. We work closely with digital forensic solution companies and education institutes.
A new Android malware tool has served another reminder of the dangers of downloading mobile applications from insecure third-party app stores.
Malware creators are getting increasingly clever with their creations. The latest example of this comes in the form of the “PowerOffHijack” malware. This malware has the ability to hijack the turn-off feature of an Android smartphone and continue operation in stealth mode after the phone has apparently been shut down. The malware can be used to spy on the owner, steal data from the device, take pictures and send messages without tipping off the user.
After gaining root privileges, the malware injects malicious code into the ShutDownThread.shutdown process, thus intercepting the normal shutdown routine and replacing the original dialog window with a fake one. At this point, however, the device is still on, connected to the network and ready to spy. Some functions, such as ringing, the ability to turn the screen off, and the LED light, have been disabled in order not to “blow the cover.”
A Familiar Problem
The new threat highlights the problems users can run into when using third-party stores to download mobile applications, particularly for Android. According to Safe and Savvy, 97 percent of all mobile malware is currently on Android systems. An overwhelming majority of the malware is distributed through doctored or outright malicious applications hosted on third-party mobile application stores.
In many cases, cybercriminals infect popular programs in these application stores that users download on their devices.
Online stores such as Mumayi, eoeMarket, Android159 and liqucn host a relatively high number of malicious programs. Google Play’s store, on the other hand, accounts for less than 1 percent of malicious Android applications. This means users who only download apps via the Google Play store often face fewer security problems.