Apple has been known to have its App Store secured more than any others. But this time Apple missed an app that is actually a malware.
Kaspersky found a trojan horse in an app called Find and Call which is released in App Store. Kaspersky announced this in its Twitter account and blog.
After installing Find and Call, the app wants the user to enter phone number and email address by asking if the user wants to “find friends in a phone book.” But when the user agrees, the app quickly grabs all contact data and then uses it to send out spam to the user's contacts while making it appear that the spam is coming from the user.
The spam message includes a link for the recipient to download the Find and Call app.
The app also collects GPS coordinates from the victim’s phone and uploads them to the server.
The Russian-language app was available in both the Apple App Store and in Google Play. The app is essentially a Trojan that steals and uploads the user’s address book to a remote server.
Find and Call claimed to be an utility app for simplifying users' contacts list.
After realizing about the app's presence, Apple quickly removed it from the App Store.
“The Find and Call app has been removed from the App Store due to its unauthorized use of users’ address book data, a violation of App Store guidelines,” Apple spokesperson Trudy Muller said.
Google followed by removing the app from its Google Play, as well.