Pawost

Pawost is a piece of malware which targets Android devices. The malware hides inside of mobile apps and uses Google Talk to make malicious phone calls using a spoofed phone number with the area code ‘259’. When the app is opened, a blank Google Talk icon appears in the notifications bar and the malware will begin to run. While the malware is placing a call, the phone is put in a partial wake lock, where the screen and keyboard are turned off but the phone’s CPU continues running. Pawost also gathers personal information and encrypts it before sending it to a remote site. The malware will continue collecting information and making outbound calls until it is force stopped. Uninstalling the malicious app will remove the malware from the device. Pawost is believed to be intended to target Chinese Android users, but it is also capable of targeting victims in the US.

Reporting

  • June 2016: Pawost uses Google Talk to make unwanted phone calls. (Security Affairs)

Technical Details

  • Malwarebytes provides technical details on Pawost, available here.
 

Stopwatch app known to contain Pawost. Image Source: Malwarebytes