The Android Pawost malware remains in idle mode for a couple of minutes, then the smartphone will start calling a number with an area code of 259 that is an invalid code in both the US and China.

According to computerhope.com, every call from an unassigned area code could be associated with a spoofed caller ID. The practice of hiding the caller ID is very common for both commercial and illegal activities. Scammers hide their caller ID to deceive victims, telemarketers do the same to avoid being filtered by users.

What about outgoing calls to an unassigned phone number?

The trick could be used to put the device in a specific “wake lock” status that allows attackers to hide outgoing calls.

“When the outgoing phone call is placed, Pawost puts the mobile device into a partial wake lock; the CPU will still be running, but the screen and keyboard back light are turned off.  This hides the presence of the outgoing call being made.” states the post published by MalwareBytes.

Be aware, the malicious Pawost app will continue to make calls until you will not stop it.

Unfortunately, the malware does other malicious activities like sending SMS messages, blocking incoming SMS, and gather data on the victim’s mobile.

It collects information such as the IMSI, the IMEI, OS version, the phone number, the CCID which is used to operate USB connected Credit Card readers, data on apps installed on the device.

Then the threat encrypts the information with a custom algorithm and sends it to a remote site.

The expert that analyzed Pawost investigated on the numbers called by the malware and discovered that they are valid phone numbers if it is used the country code for China (+86). This circumstance led the researcher to believe that the malware was designed to target Chinese users.

“Although it is not clear who or what is being called, the thought of your mobile device calling anyone without your permission is pretty scary.” continues the post.

The good news is that just uninstalling the app you will solve the problem.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Google Talk, Android Pawost)