Source: OT-Team(G), 白城市公安局; 淮安市公安局; 濉溪县卫生健康委员会
Police in northeast China have issued a public alert over a new form of cyber fraud involving modified power banks, warning that seemingly ordinary charging devices can secretly take control of smartphones and steal personal and financial data.
On December 11, a public security bureau in Jilin Province released a safety notice titled "Beware of Virus-Infected Power Banks," highlighting a scam scenario that illustrates how unsuspecting users can be tricked.
The warning described a situation involving three individuals, identified as A, B, and C. While outdoors, A complained that his phone was not charging properly. He first asked B for help, but B hesitated. C offered to try the power bank, but the phone still showed no charge. C suggested that the power bank might be faulty and advised A to ask someone else. When B eventually tested the device, he also found that the phone would not charge. Police clarified that in this scenario, B was the victim: when he connected his phone to the compromised power bank, malware infiltrated his device, potentially stealing contacts, photos, device identifiers, and other private information. Attackers could even maintain control of the phone after the power bank was disconnected.
The bureau explained that the attack typically unfolds in a series of technical steps:
Step 1: An ordinary-looking power bank
The device appears completely normal, with no visible signs of tampering or modification.
Step 2: Normal charging status displayed
When a phone is connected, the screen shows a standard charging indicator, giving the impression that the device is working properly.
Step 3: No abnormal phone behavior
The phone continues to operate smoothly. Apps open and close normally, no new apps appear, none are missing, and there are no warning messages or performance issues.
Step 4: Phone screen mirrored to a remote computer
Even without any physical connection to a computer, the phone's screen is silently mirrored in real time to a remote system controlled by the attacker.
Step 5: Full access and remote control achieved
Attackers can view contacts, photos, messages, and other private data. The phone can be remotely operated as if the attacker were physically holding it.
Step 6: Payment functions exploited
Criminals can open payment apps such as Alipay on the victim's phone and display a payment QR code. Funds can then be transferred simply by scanning the code, without entering a password.
Step 7: Control persists after disconnection
Even after the charging cable is unplugged, remote control of the phone may continue, enabling ongoing surveillance or further unauthorized transactions.
Police emphasized that legitimate power bank manufacturers do not embed malware, trojans, or backdoors. The risk arises when shared or public devices are deliberately modified to transmit data through the charging port and install malicious programs on users' phones.
Authorities noted that similar incidents have occurred nationwide. Users have reported "Trust This Device" prompts while charging; approving such requests without caution can lead to compromised accounts and altered passwords.
The police advisory urges the public to avoid power banks from unknown sources, refuse devices offered by strangers, disconnect immediately if any unusual prompts appear, choose reputable brands, monitor phones for abnormal behavior, and regularly scan devices for malware.
The warning underscores that even routine activities such as charging a phone in public can carry hidden cybersecurity risks, and that vigilance is the most effective defense against increasingly sophisticated scams.