Android/Trojan.Pawost, a mobile malware has been detected making malicious calls using Google Talk. The Pawost malicious app when opened, shows a blank Google Talk icon in the notifications center of the mobile. And after few minutes, it starts making an unwarranted outgoing call to a number with an area code of 259.
The 259 area code isn’t assigned to any region in United states and also invalid for the country from which Pawost originates i.e. China. The call to unassigned area essentially means that phone number was likely called ID spoofed, which is a basic telemarketing and spam trick to hide the real number. But, an outgoing call to an unassigned phone number is a little unusual.
The Pawost trojan puts the phone in sleep mode when a call is made, hiding the presence of call from the user and continues in the background until the app is forcibly stopped or uninstalled from the device. Even the Google Talk notification stays intact until you take the important action.
The malicious app doesn’t stop there. It even collects personal information such as IMSI , IMEI, phone number, CCID which is used to operate USB connected Credit Card readers, phone version, other apps installed on the device, and other information.
Nathan Collier from Malwarebytes did some research on the Pawost malware by using an Android emulator which didn’t have the capability of making outgoing calls. He used Google Voice to call the offending phone numbers and found out that most numbers were invalid using +1(United States), but worked with +86(China), meaning the malware is specific to Chinese users.
In case your device seemed to be affected by the Pawost, just uninstall the malicious app and remove any files associated with it in the file manager. Also, it’s a good practice to check the permissions you give to apps upon install.