Kaspersky is reporting that an app that was recently in the App Store included a Trojan Horse. Luckily, the app in question, Find and Call, is no longer available for download.
According to Kaspersky’s SecureList site:
Yesterday we were contacted by our partner MegaFon, one of the major mobile carriers in Russia. They notified us about a suspicious application, which was found in both the Apple App Store and Google Play. At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself.
However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to a remote server. The ‘replication’ part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.
We’re not sure if this Trojan Horse has anything to do with an issue currently affecting some app updates in the App Store. We suggest that users who have downloaded Find and Call remove it from both their iDevice and iTunes.
Apple has not yet commented on this story.
We’d love to know: How did this app get past Apple’s screeners?
We’ll keep you updated.