"Find and Call" in the Apple App Store (Screenshot) (Photo : securelist.com)
Kaspersky Lab discovered what could be the first-ever malware product hit the Apple App Store, spreading panic among iPhone users.
A mobile app “Find and Call” was available on App Store since at least June 13 and was removed yesterday after contacted by MegaFon, a major mobile carrier in Russia. The Russian-language appeared to be an address book app that simplifies contact list, but it discreetly uploads vital users’ information to the developer’s server.
Like Us on Facebook
“At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself,” wrote Kaspersky Lab Expert Denis on their blog.
“However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server. The 'replication' part is done by the server - SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.”
Upon downloading and launching the app, users will be asked to register with email address and cell phone number. And when the user tries to “find friends”, the app uploads their phone book data to a remote server without any notification or confirmation.
The contacts in the stolen phone book may receive a spam email afterwards.
The malicious app, which was also in Google Play, was removed Thursday.
“The Find and Call app has been removed from the App Store due to its unauthorized use of users’ address book data, a violation of App Store guidelines,” Apple spokesperson Trudy Muller told Wired.
Analyst also discovered that when the user tries to add money, it will try to transfer to a company called “LABWEALTH.COM PTE. LTD”.