Researchers from Russian security software firm Kaspersky Lab have stumbled upon a Trojan application that uploads a user’s entire phonebook to a remote server and then uses the data to spam the user’s contacts.
The Trojan app, called “Find and Call,” would be the first malware-laced app to date to make it through Apple’s notoriously rigorous app store screening process.
While there have been incidents in which an app uploaded a user’s entire address book to the developer’s server, Kaspersky said this is the first time that the contact list was used for malicious purposes.
The app is primarily targeted at Russian users (its description is written in Russian) and, upon opening, asks the user to register with an email address and phone number.
“If user wants to ‘find friends in a phone book’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to a remote server,” explained Denis Maslennikov, a Kaspersky Lab expert.
Once the upload is done, the user can still use the application, but the remote server sends messages to every entry in the user’s contact list, each containing a link to download the application.
The number being used to send the messages is a normal cellphone number, which Kaspersky said might prompt users to think that the spam message came “from a trusted source.”
The app was also available through the Google Play store, but Maslennikov noted: “Malware in the Google Play is nothing new but it’s the first case that we’ve seen malware in the Apple App Store.”
Apple and Google have reportedly removed the malware from their respective mobile app stores since the alert came out, with Apple issuing the following statement: “The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines.”
The malware app is the latest in a series of incidents that challenge Apple’s claim that its devices are practically immune to viruses and malware.
Just recently, Apple’s Mac OS X operating system was hit with a botnet that could snoop on user activities and collect sensitive information from them.
The malware, known as BackDoor.Flashback.39, reportedly affected some 550,000 users around the world, including around 500 Mac owners in the Philippines, before Apple took corrective action to patch the vulnerability in its operating system.
The incident has prompted Apple to remove its virus immunity claims from its official website and other promotional materials, claims it had trumpeted for many years against the malware-ridden systems of Microsoft.