According to a report from the security research firm (and anti-malware software publisher) AVG, the malware—called PowerOffHijack—presents a fake dialogue box that prompts the user to shut down when the power button is pressed.
The bug then takes over over the phone’s shutdown process, mimicking the standard procedure and animation to make it appear as though the phone has been turned off.
In reality, the device remains on even though the screen goes black.
While the phone is in this state of perceived stasis, the malware can go to work. PowerOffHijack can access sensitive information and exploit the phone’s basic functions, making calls, accessing the camera, and sending text messages.
AVG first discovered PowerOffHijack in China. The firm reports that the malware has infected upwards of 10,000 devices worldwide. Other than the fact that it targets Android devices running 5.0 Lollipop, the latest major version of Google’s mobile OS, details about the bug are scarce.
AVG was also able to determine that the malware required root permissions to run, meaning that normal mobile web-browsing behavior is unlikely to open the door for it. The Google Play Store regularly weeds out malicious content, so it is unlikely that an approved app is PowerOffHijack’s attack vector.
For those still concerned that their device may be affected or at risk, AVG’s anti-virus app promises to detect the threat. Still, as an additional precaution, the company suggests removing the battery from your phone upon shutdown.