Top

Android malware using Google Talk to make strange calls, send texts

Users do not get to know that the app is making calls as the handset's screen is turned off during these calls but the CPU is active.

Security researchers have spotted a new Android Trojan packed inside a stopwatch app, which is capable of using Google Talk to initiate phone calls to unregistered numbers on its own.

According to a Softpedia report, the Trojan, codenamed Android/Trojan.Pawost, begins its activities right after a user installs it. Subsequently, the app shows a Google Talk icon on the handset’s notification screen.

Almost all users can figure out that there is something malicious about the Pawost notification as it pops up with out any text. And if someone fails to uninstall it, the app starts making calls by itself to several unknown numbers, utilising Google Talk.

Users do not get to know that the app is making calls as the handset’s screen is turned off during these calls but the CPU is active. However, one strange aspect about this app is that the calls it makes are never to a valid number and all start with the same sequence: 1-259.

Since the Pawost was stacked up with an Android app with a Chinese interface, researchers from Malwarebytes also tried to figure out the the mystery related to the numbers; they even tried adding international prefixes to see which country it was targeted at. At long last, they were able to figure out that the app was targeting Chinese users.

When they decided to delve deeper, the researchers also found out evidence regarding the app’s spyware capabilities.

The malware is capable of collecting sensitive data such as IMSI codes, IMEI numbers, CCID identifiers, phone numbers, handset version details, and the list of apps you have installed.

The malicious app then takes this data, encrypts it, and sends it to an unknown remote server. The Trojan can also send text messages and block incoming ones. The researchers said that they found the SMS capability in the Pawost decompiled source code but had no clue while running the rests.

However, the Trojan seems to be in its initial stages and it is mainly targeting Chinese users, as fathomed by the data received. The motive of the people behind this Trojan malware, though blurred, seems like an easy way to earn money via affiliate programs.

( Source : Deccan Chronicle. )
Next Story