LONDON, U.K. — A malicious app has found its way onto the Apple iOS App Store for iPhone and iPad.
The app, named ‘Find and Call’ managed to get on the store despite Apple’s strict screening process. Kaspersky Lab discovered the Trojan which is widely considered to be the first malware found in the App Store.
The security firm explained that the app was thought to be an SMS worm sending text messages to contacts with a url to the app itself. However, it later found that the Trojan uploads the user’s phonebook to a remote server to be used for spam text messages.
Apple said: “The Find and Call app has been removed from the App Store due to its unauthorised use of users’ Address Book data, a violation of App Store guidelines.”
Find and Call also made an appearance on the Google Play Store but has since been removed by the firm.
Security firm Sophos doesn’t agree with Kaspersky that the app is actually malware. In its blog it points to the fact that the app has the same name across both stores, it has functionality and the Find and Call website is also not malicious.
“It would probably be more accurate to say that the “Find and Call” app is “spammy” – as it leaks data all over the place in plain text via http (which means, of course, that the data could be intercepted and sniffed by someone wanting to snoop on you).” said Sophos.