San Jose Mercury News (MCT)
POSTED: 5:34 a.m. HST, Jul 6, 2012
SAN JOSE, Calif. >> An application available for Apple and Google’s mobile operating systems steals the user’s contacts list for the purposes of text messaging spam, according a report issued Thursday that claims it is the first malware to appear in Apple’s App Store.
The app, called “Find and Call,” passes itself off as a mobile phone book application, but users who download and use the app will have all of their contacts uploaded to a remote server, according to a post from Kaspersky Lab security blogger Denis Maslennikov. Once the app uploads the user’s contacts, it sends text messages to all of the contacts that appears to be from the infected phone’s number, with a link to download the app.
Maslennikov traced the app’s creation to a website for a Singapore-based company, which seeks even more information about visitors, including PayPal information.
This type of malicious software, called a “Trojan,” has appeared in Android’s Google Play store before, Maslennikov reported, but “it’s the first case that we’ve seen malware in the Apple App Store,” he wrote.
Apple and Google were notified of the malware app available in their stores by Kaspersky, but the app was still available early Thursday morning. In the Google Play store, the app had more than 100 downloads and three one-star ratings, while advertising “Free calls from your mobile phone to domains, email, Skype, social networks. Forget about numbers!!!” In Apple’s App Store, the app received 1.5 stars.
Cupertino, Calif.-based Apple did not immediately respond to an email request for verification and comment. Mountain View, Calif.-based Google does not comment on specific apps.
The malware app adds to problems for Apple’s popular app store after users receiving updates for apps in the past two days suffered through their apps crashing immediately after launching them.