Malware uses Google Talk to make rogue calls, collect data

Security researchers have discovered a new slice of malware that uses Google Talk to make rogue calls. One time invoked, a blank Google Talk icon pops up in the notifications of your device, and after a few minutes, the malware starts making unwarranted outgoing calls.

Security researchers at Malwarebytes said that this latest threat exploits unaware users and Google Talk to make calls to a number with expanse code 259, costing users money. "The area code 259 is unassigned to any region in the US and considered to exist invalid. It is also an unassigned area code for the country from which Pawost originates, Communist china," Malwarebytes said in a blog post. The new malware called Android/Trojan.Pawost engages via a malicious app when a user downloads something from an unofficial source. When invoked, this malicious app installs the malware, enabling it to make a series of calls.

"An incoming call from an unassigned area code means the phone number was likely caller ID spoofed; a trick ofttimes used past telemarketers/scammers to hide the originating phone number. An outgoing phone call to an unassigned phone number is a little more unusual." Researchers said that while it'due south unusual, the problem is present. Hiding itself, Pawost puts the mobile device into a "partial wake lock" with CPU still running "but the screen and keyboard back lite are turned off." This ensures that user doesn't get to know about the outgoing call being made. The malware keeps making the calls until yous forcefulness close the app or uninstall information technology. Google Talk notification also appears in the notifications, until the app is airtight or uninstalled.

As long as the malicious app is running, it will keep to brand calls until you forcefulness the app to stop or uninstall it. The Google Talk notification won't get away until this is washed likewise.

Forth with making calls, Pawost also gathers device information such as IMEI, phone number, IMSI, CCID, phone version, details of apps installed on the device, and other such data. Pawost then encrypts this information and sends information technology off to a remote site. If that wasn't enough, Pawost besides has the capability of sending SMS messages and blocking incoming text messages.

In their enquiry, Malwarebytes found Pawost masquerading as a simple stopwatch app. To stay safe, never install apps from unknown sources and read the permissions that a certain app requires earlier y'all install it. Like researchers said, a stopwatch app shouldn't need permissions for "calling, receiving/sending SMS messages." This list of permissions also helps y'all understand if you are granting unnecessary permissions to an app, and if that legit-looking app is actually planning to wreak havoc on your device.

Source: https://wccftech.com/malware-uses-google-talk-to-make-rogue-calls-collect-data/

Posted by: trevinohirly1986.blogspot.com

Share this post