Find & Call: Malicious iPhone App Found in Apple's iTunes Store


Kaspersky's recent report on a malicious iPhone app is spreading like wildfire on the Internet. Security experts have been debating since Kaspersky Lab's Denis Maslennikov said that a Trojan horse - malicious software that pretends to be something innocuous - had gotten past Apple's famously tough App Store vetting process, which has never before let in real malware.

"The application is called 'Find and Call' and can be found in both the iOS Apple App Store and Android’s Google Play," Maslennikov wrote in a blog posting.

Find and Call, made by a Russian firm, claims to be an app that lets you make phone calls by simply typing in or clicking a contact's email address or social-network handle — admittedly a useful idea.

"In order to call somebody from your mobile phone, you can use an email address, a domain name, a profile address in a social network, etc., instead of a phone number just as easily," states the Find and Call official website.

But Maslennikov said Find and Call also copies a user's entire address book to its own servers, and sends out spam text messages to everyone in the address book imploring them to also install the app.

Screenshots of complaints by angry Russian users in the iOS App Store and Google Play, and Maslennikov's own screenshots of code within the app, support his assertion.

Nowhere in Find and Call's terms of use does it say that the app will copy your address book or send out text messages to your friends, Maslennikov said.

An email from Find and Call support staff to the Russian site AppleInsider.ru stated that the sending of "inviting SMS messages" was a "bug in process of fixing."

Sophos Labs' Vanja Svajcer had doubts about whether this behavior really was malicious, or just annoying.

"I'm not sure I 100 percent agree with Kaspersky that it is malware," Svajcer wrote on Sophos' Naked Security blog. "It would probably be more accurate to say that the 'Find and Call' app is 'spammy.'"

Both Google and Apple have removed the app from their websites.

According to a Softpedia report, Find and Call's creators have contacted AppInsider.ru and told them that the app is still in "beta-testing." The fact that SMS messages are sent out to all the contacts is allegedly just a bug.