Trojan App Snakes into Apple App Store

July 09 19:58 2012

A Trojan app designed to steal copies of iPhone and Android smartphone address books appeared on both the official Apple App Store and Google Play. Digital security experts were baffled as to how this malware went unnoticed for at least a week.

The app, named “Find and Call,” is a leak-and-spam type of malware. Denis Maslennikov, a security researcher at Kaspersky Lab, wrote about Find and Call in detail in a blog post. Both Apple and Google removed the malicious app last week.

Maslennikov wrote that while malware appearing in Google Play is a usual sight, it is “the first case that we’ve seen of malware in the Apple App Store.”

“It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch five years ago. But the main issue here is user’s privacy–again.”

Other apps, such as Hipster and Path, have grabbed address book data, but they do so in the name of “social network functionality.” Both apps upload users’ address books to servers controlled by developers, but require explicit permission from users before doing so.

But Find and Call, according to Maslennikov, was clearly malicious. Reviews of the app on both the Apple App Store and Google Play have been far from favorable, with many users complaining that rather than providing a free call service, the app was instead sending spam SMS messages to their address book contacts. The spam messages list the user’s cell phone number in the “from” field, so the SMS appears to have come from the user. The message, however, contains a URL link to download the Find and Call app.

The developer of the app claims that the spam messages had been sent erroneously, adding that Find and Call is “in the process of beta-testing,” and the bug has since been fixed.

Source: Secure List, via Information Week
