As posted on the AVG blog, a new piece of Android Malware has been found.
After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on.
While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.
How does this happen?
First, we have to analyze in detail, the shutting down process.
On Android devices, when the power off button is pressed it will invoke the interceptKeyBeforeQueueingfunction of the class interceptKeyBeforeQueueing.interceptKeyBeforeQueueing will check if the power off button is pressed and go to certain process.