It feels like we can't go a single week without learning of some new strain of Android malware, but for the most part, it's rare when we learn of one that introduces a brand-new design or unique mechanics. Well, a nameless piece of malware discovered by AVG this past week helps break the mold.
Infecting about 10,000 pre-Android 5.0 phones in China, this new piece of malware prevents a phone from being shut off completely, even though it looks like it is. There are many details missing here, but what we know is that the malware intercepts the shutdown routine of Android, making it so that the final shutdown phase is never reached. To fool people into thinking the phone is in fact shut down, the device's screen is turned off.
What's unclear about this malware is just how realistic it looks. AVG notes that when the power button is held, a fake menu pops up, and I'd assume it'd match the power menu of any pre-5.0 device. It's also unclear whether or not the device acts realistically when being "booted" back up.
[Image: Code that intercepts Android's shutdown routine]
Nonetheless, what is known for certain is that when the phone enters this fake shutdown state, it can continue to place calls and transmit private messages. It seems likely that the goal of this malware is to rack up bills by automatically opting the device's owner into premium services.
What strikes me most about this malware isn't its unique design, but rather the fact that its developers decided it'd be worthwhile to create. Most people don't keep their phones turned off, for starters, and the malware can accomplish the same functionality with the phone left on. It's a very specific, perhaps niche, piece of malware, and further proves that there's still lots of room for malware developers to innovate -- if you want to call it that.