Apple has removed the first instance of a malware app in the iOS App Store which was revealed by Kaspersky yesterday.
In a post on the Securelist blog of the security software company, senior malware analyst Denis Maslennikov revealed just why the Find and Call app was flagged as malware.
The Russian-language app billed itself as a tool to help users simplify their address books. However, Maslennikov revealed it had a rather nasty hidden agenda. Kaspersky flagged it as “Trojan.AndroidOS.Fidall.a” and “Trojan.IphoneOS.Fidall.a”.
For those wondering why this is considered the first malware instance on the Apple App Store, the analyst explained that “it’s the first case that we’ve seen malware in the Apple App Store”, whereas malware is nothing new in the Google Play store.
“It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago,” Maslennikov said. “But the main issue here is user’s privacy again.”
“It’s not for the first time when we see incidents related to user’s personal data and its leakage. And it’s for the first time when we have confirmed case of malicious usage of such data,” he added.
The analyst said that Kaspersky was notified of the Find and Call app by Russian telecommunications company MegaFon.
According to him, the suspicious app first “seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself.”
“However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server,” he added.
The app was available on the iOS App Store and also on the Google Play store, but both marketplaces have already removed the malicious app.
“The Find and Call app has been removed from the App Store due to its unauthorized use of users’ address book data, a violation of App Store guidelines,” Apple has said in a statement.
According to Maslennikov, upon launching the app, a user “will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity).”
From there, the Find and Call app will get information from your device to send out spam. “If user wants to ‘find friends in a phone book’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server,” the analyst said.
The Find and Call app is also able to upload the GPS coordinates of the device it is installed on.
In a nutshell, Maslennikov said that:
“User will be able to continue using the application but at the same time the application steals data from the device (phone book and cell phone numbers) which are uploaded to a remote server to be used for SMS spam campaigns. Each phone book entry will receive SMS spam message offering to click on the URL and download this ‘Find and Call’ application. It is worth mentioning that the ‘from’ field contains the user’s cell phone number. In other words, people will receive an SMS spam message from a trusted source.”
As to who made the app, a little further digging by Kaspersky revealed that money added to a user’s account for the Find and Call app was sent to a certain “LABWEALTH.COM PTE. LTD.” based in Singapore. Yes, Find and Call allows a user to add money to the app via PayPal.
Image from Yutaka Tsutano on Flickr (CC)