Malicious spam app discovered in the App Store [updated]

By , Jul 5, 2012

Apple has had a fairly spotless record thus far regarding iOS security. There hasn’t been a single [serious] breach, or malware outbreak — aside from what jailbreak hackers have uncovered, of course.

But it looks like the perfect streak has finally come to an end. A Russian security firm announced this morning that it has discovered a malicious spam [aka a Trojan] application in the App Store…

Kaspersky Lab’s Denis Maslennikov:

“Yesterday we were contacted by our partner MegaFon, one of the major mobile carriers in Russia. They notified us about a suspicious application, which was found in both the Apple App Store and Google Play. At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself.

However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to a remote server. The ‘replication’ part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.”

The app, which is called Find and Call, appears to have already been pulled by Apple. But the fact that it made it into the App Store in the first place is still scary.

Apple has always been praised for its ability to keep apps like this out of the App Store. It’s part of the reason that everyone is so tolerant of its strict policies.

It’ll be interesting to see what, if anything, Apple has to say about this.

[MacRumors]

Update: That didn’t take long. Just a few hours after removing the application, an Apple spokesperson spoke with The Loop about the incident:

“The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines.”

Hmm, it sure seemed like it was doing a lot more than that.

  • http://twitter.com/MCaudebec Maxim∑

    1 out of 650,000+ not bad

    • http://twitter.com/macboy76 Michael Alejandro

      lol I wish I could say the same about the Android market on my Galaxy S II. This seems to be a daily thing on there. But it’s only brought up on Android blogs here and there. At least Apple takes action, can’t say the same about Google.

    • smtp25

      well at least 2 out of 650,000+

  • OneAndOnlyGamer

    Hopefully it’s still in the Google Play store

  • ExRoot

    This concerns me regarding jailbreak tweaks. I may need to pull back on these tweaks. There is no security wall. No checkpoints.

  • Aleksander Azizi

    There still exist scam apps in the App Store, maybe not exactly like this, but take iBlacklist for example (no, not the one in Cydia); not long ago there were over 10 fake blacklisting apps saying they can blacklist numbers and messages, while over half wouldn’t even open.
    I’m not saying Apple isn’t doing a good job, cuz they are.. Just saying…