New Malware Makes Mysterious Google Talk Calls, Collects Data and Sends Text Messages


Security researchers have discovered a new piece of malware that uses Google Talk to make rogue calls. Once invoked, a blank Google Talk icon pops up in the notifications of your device, and after a few minutes, the malware starts making unwarranted outgoing calls.

Security researchers at Malwarebytes said that this latest threat exploits unaware users and Google Talk to make calls to a number with area code 259, costing users money. "The area code 259 is unassigned to any region in the US and considered to be invalid. It is also an unassigned area code for the country from which Pawost originates, China," Malwarebytes said in a blog post. The new malware called Android/Trojan.Pawost engages via a malicious app when a user downloads something from an unofficial source. When invoked, this malicious app installs the malware, enabling it to make a series of calls.

"An incoming call from an unassigned area code means the phone number was likely caller ID spoofed; a trick often used by telemarketers/scammers to hide the originating phone number. An outgoing call to an unassigned phone number is a little more unusual." Researchers said that while it's unusual, the problem is present. Hiding itself, Pawost puts the mobile device into a "partial wake lock" with CPU still running "but the screen and keyboard back light are turned off." This ensures that user doesn't get to know about the outgoing call being made. The malware keeps making the calls until you force close the app or uninstall it. Google Talk notification also appears in the notifications, until the app is closed or uninstalled.

As long as the malicious app is running, it will continue to make calls until you force the app to stop or uninstall it. The Google Talk notification won't go away until this is done as well.

Along with making calls, Pawost also gathers device information such as IMEI, phone number, IMSI, CCID, phone version, details of apps installed on the device, and other such information. Pawost then encrypts this information and sends it off to a remote site. If that wasn't enough, Pawost also has the capability of sending SMS messages and blocking incoming text messages.

In their research, Malwarebytes found Pawost masquerading as a simple stopwatch app. To stay safe, never install apps from unknown sources and read the permissions that a certain app requires before you install it. Like researchers said, a stopwatch app shouldn’t need permissions for "calling, receiving/sending SMS messages." This list of permissions also helps you understand if you are granting unnecessary permissions to an app, and if that legit-looking app is actually planning to wreak havoc on your device.